Common Weakness Enumeration

CWE-835

Allowed

Loop with Unreachable Exit Condition ('Infinite Loop')

Abstraction: Base · Status: Incomplete

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

1052 vulnerabilities reference this CWE, most recent first.

GHSA-29M2-93J9-HRCP

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
VLAI
Details

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6977"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-09T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.",
  "id": "GHSA-29m2-93j9-hrcp",
  "modified": "2022-05-13T01:53:16Z",
  "published": "2022-05-13T01:53:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6977"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0025.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105549"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041821"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041822"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2C77-J78M-453Q

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33
VLAI
Details

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-04T03:59:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes.",
  "id": "GHSA-2c77-j78m-453q",
  "modified": "2025-04-20T03:33:39Z",
  "published": "2022-05-13T01:46:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6474"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a998c9195f183d85f5b0bbeebba21a2d4d303d47"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a998c9195f183d85f5b0bbeebba21a2d4d303d47"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2017-07.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3811"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96566"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CMX-XMF3-QM89

Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2024-09-12 18:31
VLAI
Details

In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-30T10:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.",
  "id": "GHSA-2cmx-xmf3-qm89",
  "modified": "2024-09-12T18:31:38Z",
  "published": "2022-05-13T01:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19777"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700301"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXKCY35PKC32IFHN4RBUCZ75OWEYVJH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUXKCY35PKC32IFHN4RBUCZ75OWEYVJH"
    },
    {
      "type": "WEB",
      "url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?754ac68f119e0c25cd33c5d652d8aabd533a9fb3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CP8-MJM6-7F5F

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53
VLAI
Details

In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-23T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type.",
  "id": "GHSA-2cp8-mjm6-7f5f",
  "modified": "2022-05-13T01:53:19Z",
  "published": "2022-05-13T01:53:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7324"
    },
    {
      "type": "WEB",
      "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14413"
    },
    {
      "type": "WEB",
      "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9e7695bbee18525eaa6d12b32230313ae8a36a81"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2F8W-W2FC-FV9W

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2022-05-13 01:13
VLAI
Details

The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-05T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.",
  "id": "GHSA-2f8w-w2fc-fv9w",
  "modified": "2022-05-13T01:13:40Z",
  "published": "2022-05-13T01:13:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7908"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201611-11"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=070c4b92b8cd5390889716677a0b92444d6e087a"
    },
    {
      "type": "WEB",
      "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/03/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/03/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93273"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2G34-X978-MW32

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-08-16 00:00
VLAI
Details

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of "cooperating" guests may, however, cause the effects to be more severe.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-27T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren\u0027t in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of \"cooperating\" guests may, however, cause the effects to be more severe.",
  "id": "GHSA-2g34-x978-mw32",
  "modified": "2022-08-16T00:00:43Z",
  "published": "2022-05-24T19:12:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28698"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-23"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4977"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-380.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/09/01/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2GG3-23VH-J2PG

Vulnerability from github – Published: 2022-03-22 00:00 – Updated: 2026-07-05 03:30
VLAI
Details

An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-21T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).",
  "id": "GHSA-2gg3-23vh-j2pg",
  "modified": "2026-07-05T03:30:46Z",
  "published": "2022-03-22T00:00:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23352"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352"
    },
    {
      "type": "WEB",
      "url": "https://www.bigantsoft.com"
    },
    {
      "type": "WEB",
      "url": "http://bigant.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H59-FJVH-CG52

Vulnerability from github – Published: 2025-03-27 00:31 – Updated: 2025-03-27 00:31
VLAI
Details

Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the processing of DNS responses. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23392.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2838"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-26T22:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of DNS responses. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23392.",
  "id": "GHSA-2h59-fjvh-cg52",
  "modified": "2025-03-27T00:31:48Z",
  "published": "2025-03-27T00:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2838"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/a45Vm0000000Atp"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-872"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HM9-H873-PGQH

Vulnerability from github – Published: 2023-09-28 21:27 – Updated: 2023-09-28 21:27
VLAI
Summary
OpenFGA Vulnerable to DoS from circular relationship definitions
Details

Overview

OpenFGA is vulnerable to a DoS attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die.

Am I Affected?

Yes, if your store contains an authorization model that allows circular relationships. For example, with this model:

model
  schema 1.1

type user

type group
  relations
    define memberA: [user] or memberB or memberC or memberD or memberE
    define memberB: [user] or memberA or memberC or memberD or memberE
    define memberC: [user] or memberA or memberB or memberD or memberE
    define memberD: [user] or memberA or memberB or memberC or memberE
    define memberE: [user] or memberA or memberB or memberC or memberD

This Check: (user:anne, memberA, group:X) can exhaust memory in the server.

Fix

Upgrade to v1.3.2 and update any offending models.

[BREAKING] If your model contained cycles or a relation definition that has the relation itself in its evaluation path, then Checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. You will need to update your models to remove the cycles.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openfga/openfga"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-43645"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-28T21:27:04Z",
    "nvd_published_at": "2023-09-27T15:19:34Z",
    "severity": "MODERATE"
  },
  "details": "## Overview\nOpenFGA is vulnerable to a DoS attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it\u0027s possible for the server to exhaust resources and die.\n\n## Am I Affected?\nYes, if your store contains an authorization model that allows circular relationships. For example, with this model:\n\n```\nmodel\n  schema 1.1\n\ntype user\n\ntype group\n  relations\n    define memberA: [user] or memberB or memberC or memberD or memberE\n    define memberB: [user] or memberA or memberC or memberD or memberE\n    define memberC: [user] or memberA or memberB or memberD or memberE\n    define memberD: [user] or memberA or memberB or memberC or memberE\n    define memberE: [user] or memberA or memberB or memberC or memberD\n```\n\nThis Check: `(user:anne, memberA, group:X)` can exhaust memory in the server.\n\n## Fix\nUpgrade to v1.3.2 and update any offending models.\n\n  **[BREAKING]** If your model contained cycles or a relation definition that has the relation itself in its evaluation path, then Checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. You will need to update your models to remove the cycles.",
  "id": "GHSA-2hm9-h873-pgqh",
  "modified": "2023-09-28T21:27:04Z",
  "published": "2023-09-28T21:27:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openfga/openfga/security/advisories/GHSA-2hm9-h873-pgqh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43645"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openfga/openfga/commit/725296025fd81227c89525808652c6acd4a605f6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openfga/openfga"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenFGA Vulnerable to DoS from circular relationship definitions"
}

GHSA-2J2M-CC64-3XH4

Vulnerability from github – Published: 2025-05-02 18:31 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()

When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem:

watchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149] CPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:remove_wait_queue+0xb/0xc0 Code: 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 57 <41> 56 41 55 41 54 55 48 89 fd 53 48 89 f3 4c 8d 6b 18 4c 8d 73 20 RSP: 0018:ffff88811b5978b8 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff88811a7d3780 RCX: ffffffffb7a4d768 RDX: dffffc0000000000 RSI: ffff88811b597908 RDI: ffff888115408040 RBP: 1ffff110236b2f1b R08: 0000000000000000 R09: ffff88811a7d37e7 R10: ffffed10234fa6fc R11: 0000000000000001 R12: ffff88811179b800 R13: 0000000000000001 R14: ffff88811a7d38a8 R15: ffff88811a7d37e0 FS: 00007f6fb5398740(0000) GS:ffff888237180000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000010b6ba002 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tcp_msg_wait_data+0x279/0x2f0 tcp_bpf_recvmsg_parser+0x3c6/0x490 inet_recvmsg+0x280/0x290 sock_recvmsg+0xfc/0x120 _sysrecvmsg+0x160/0x3d0 _sys_recvmsg+0xf0/0x180 __sys_recvmsg+0xea/0x1a0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc

The logic in tcp_bpf_recvmsg_parser is as follows:

msg_bytes_ready: copied = sk_msg_recvmsg(sk, psock, msg, len, flags); if (!copied) { wait data; goto msg_bytes_ready; }

In this case, "copied" always is 0, the infinite loop occurs.

According to the Linux system call man page, 0 should be returned in this case. Therefore, in tcp_bpf_recvmsg_parser(), if the length is 0, directly return. Also modify several other functions with the same problem.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-02T16:15:32Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()\n\nWhen the buffer length of the recvmsg system call is 0, we got the\nflollowing soft lockup problem:\n\nwatchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149]\nCPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:remove_wait_queue+0xb/0xc0\nCode: 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 57 \u003c41\u003e 56 41 55 41 54 55 48 89 fd 53 48 89 f3 4c 8d 6b 18 4c 8d 73 20\nRSP: 0018:ffff88811b5978b8 EFLAGS: 00000246\nRAX: 0000000000000000 RBX: ffff88811a7d3780 RCX: ffffffffb7a4d768\nRDX: dffffc0000000000 RSI: ffff88811b597908 RDI: ffff888115408040\nRBP: 1ffff110236b2f1b R08: 0000000000000000 R09: ffff88811a7d37e7\nR10: ffffed10234fa6fc R11: 0000000000000001 R12: ffff88811179b800\nR13: 0000000000000001 R14: ffff88811a7d38a8 R15: ffff88811a7d37e0\nFS:  00007f6fb5398740(0000) GS:ffff888237180000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000010b6ba002 CR4: 0000000000370ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n tcp_msg_wait_data+0x279/0x2f0\n tcp_bpf_recvmsg_parser+0x3c6/0x490\n inet_recvmsg+0x280/0x290\n sock_recvmsg+0xfc/0x120\n ____sys_recvmsg+0x160/0x3d0\n ___sys_recvmsg+0xf0/0x180\n __sys_recvmsg+0xea/0x1a0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe logic in tcp_bpf_recvmsg_parser is as follows:\n\nmsg_bytes_ready:\n\tcopied = sk_msg_recvmsg(sk, psock, msg, len, flags);\n\tif (!copied) {\n\t\twait data;\n\t\tgoto msg_bytes_ready;\n\t}\n\nIn this case, \"copied\" always is 0, the infinite loop occurs.\n\nAccording to the Linux system call man page, 0 should be returned in this\ncase. Therefore, in tcp_bpf_recvmsg_parser(), if the length is 0, directly\nreturn. Also modify several other functions with the same problem.",
  "id": "GHSA-2j2m-cc64-3xh4",
  "modified": "2026-06-01T18:31:20Z",
  "published": "2025-05-02T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53133"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a476285f6d2921c3c9faa494eab83b78f78fc55"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf0579989de64d36e177c0611c685dc4a91457a7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d900f3d20cc3169ce42ec72acc850e662a4d4db2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f0d52cc242f279c422b487dcaaccd98b99672fd0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f45cf3ae3068e70e2c7f3e24a7f8e8aa99511f03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.