CVE-2023-53712: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53712 is a vulnerability in the Linux kernel related to asynchronous SMP stop calls during kexec operations. The vulnerability was discovered and disclosed on October 22, 2025. It affects the ARM architecture implementation in the Linux kernel, specifically involving the handling of CPU notifications during panic situations (NVD, Ubuntu).

The vulnerability occurs when a panic is triggered by a hrtimer interrupt, causing all online CPUs to be notified and set offline. The issue stems from making synchronous function calls with disabled interrupts, which violates the warning introduced by commit 19dbdcb8039c ("smp: Warn on function calls from softirq context"). The problem manifests in the machinecrashnonpanic_core() function, which needs to be made asynchronous to prevent potential system lockups (RedHat).

When exploited, this vulnerability can lead to system crashes and kernel panics, particularly during watchdog timer expiration scenarios. The issue affects system stability and can cause denial of service conditions on affected systems (RedHat).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has fixed the issue in various kernel versions including linux-hwe-5.15 (5.15.0-94.104~20.04.1), linux (5.15.0-94.104), and several other kernel variants. The fix involves making the SMP call for machinecrashnonpanic_core() asynchronous (Ubuntu).