CVE-2023-53029: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53029 is a vulnerability in the Linux kernel affecting the octeontx2-pf driver, discovered and disclosed on March 27, 2025. The vulnerability involves improper use of GFPKERNEL in atomic context on real-time (RT) kernels, specifically in the handling of percpu pointer usage in the aurafreeptr callback (NVD, RedHat).

The vulnerability stems from the commit 4af1b64f80fb which uses get/putcpu() to protect percpu pointer usage in the aurafreeptr() callback, but unnecessarily disables preemption for blockable memory allocation. While commit 87b93b678e95 attempted to fix sleep-inside-atomic warnings, it only addressed the issue for non-RT kernels, leaving RT kernels vulnerable. The issue manifests as sleeping function calls from invalid contexts, particularly in kernel/locking/spinlock_rt.c (NVD).

The vulnerability can lead to system instability on RT kernels when the affected code path is triggered. This occurs specifically in the context of memory allocation and pointer handling within the octeontx2-pf driver, potentially causing kernel warnings and system reliability issues (RedHat).

The fix involves restructuring the get/putcpu() usage to only wrap the actual percpu variable usage in the relevant callback functions. Since there are only two aurafreeptr() callbacks (otx2aurafreeptr() and cn10kaurafreeptr()), and otx2aurafreeptr() doesn't use percpu variables, the get/put_cpu() calls can be moved into the specific callback that requires them (NVD).