CVE-2023-53623: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53623 is a vulnerability in the Linux kernel's memory management subsystem, specifically affecting the swap functionality. The issue was discovered and disclosed on October 7, 2025, affecting Linux kernel versions after stable 5.10.y. The vulnerability involves a race condition between swapoff and getswappages() functions in the mm/swap component (NVD).

The vulnerability stems from a race condition where the si->lock must be held when deleting the si (swapinfostruct) from the available list. Without proper locking, another thread can re-add the si to the available list, leading to memory corruption. The issue occurs in the swapoff path when concurrent operations involving madvise(MADV_PAGEOUT) on memory blocks and swapon-swapoff operations are performed. The vulnerability has been assigned a CVSS v3.1 base score of 5.7 (Medium severity) (Snyk).

The vulnerability can result in memory corruption, which may not manifest immediately but occurs when memory is allocated and reset for a new swap in the swapon path. In severe cases, this can lead to system panic, particularly under heavy concurrent swap-on/swap-off and memory pressure operations. The issue can be reproduced using tools like stress-ng --swap (Red Hat).

The fix involves ensuring that si->lock is locked before calling 'delfromavaillist()' to prevent other threads from reinserting the si after it has been deleted and SWPWRITEOK has been cleared. This patch has been implemented in various Linux distributions, including Red Hat Enterprise Linux (Red Hat).