CVE-2023-53393 (GCVE-0-2023-53393)
Vulnerability from cvelistv5
Published
2025-09-18 13:33
Modified
2025-09-18 13:33
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0), there is a special handling in order to use the correct counters, but, port_num is being passed down the stack without any change. Also, some functions assume that port_num >=1. As a result, the following oops can occur. BUG: unable to handle page fault for address: ffff89510294f1a8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP CPU: 8 PID: 1382 Comm: devlink Tainted: G W 6.1.0-rc4_for_upstream_base_2022_11_10_16_12 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:_raw_spin_lock+0xc/0x20 Call Trace: <TASK> mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib] do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib] mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib] ib_setup_device_attrs+0xf0/0x290 [ib_core] ib_register_device+0x3bb/0x510 [ib_core] ? atomic_notifier_chain_register+0x67/0x80 __mlx5_ib_add+0x2b/0x80 [mlx5_ib] mlx5r_probe+0xb8/0x150 [mlx5_ib] ? auxiliary_match_id+0x6a/0x90 auxiliary_bus_probe+0x3c/0x70 ? driver_sysfs_add+0x6b/0x90 really_probe+0xcd/0x380 __driver_probe_device+0x80/0x170 driver_probe_device+0x1e/0x90 __device_attach_driver+0x7d/0x100 ? driver_allows_async_probing+0x60/0x60 ? driver_allows_async_probing+0x60/0x60 bus_for_each_drv+0x7b/0xc0 __device_attach+0xbc/0x200 bus_probe_device+0x87/0xa0 device_add+0x404/0x940 ? dev_set_name+0x53/0x70 __auxiliary_device_add+0x43/0x60 add_adev+0x99/0xe0 [mlx5_core] mlx5_attach_device+0xc8/0x120 [mlx5_core] mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core] devlink_reload+0x133/0x250 devlink_nl_cmd_reload+0x480/0x570 ? devlink_nl_pre_doit+0x44/0x2b0 genl_family_rcv_msg_doit.isra.0+0xc2/0x110 genl_rcv_msg+0x180/0x2b0 ? devlink_nl_cmd_region_read_dumpit+0x540/0x540 ? devlink_reload+0x250/0x250 ? devlink_put+0x50/0x50 ? genl_family_rcv_msg_doit.isra.0+0x110/0x110 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x1f6/0x2c0 netlink_sendmsg+0x237/0x490 sock_sendmsg+0x33/0x40 __sys_sendto+0x103/0x160 ? handle_mm_fault+0x10e/0x290 ? do_user_addr_fault+0x1c0/0x5f0 __x64_sys_sendto+0x25/0x30 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Fix it by setting port_num to 1 in order to get device status and remove unused variable.
Impacted products
Vendor Product Version
Linux Linux Version: aac4492ef23a176b6f1a41aadb99177eceb1fc06
Version: aac4492ef23a176b6f1a41aadb99177eceb1fc06
Version: aac4492ef23a176b6f1a41aadb99177eceb1fc06
Version: aac4492ef23a176b6f1a41aadb99177eceb1fc06
Create a notification for this product.
   Linux Linux Version: 4.16
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/mlx5/counters.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8d89870d63758363b07ace5c2df82d6bf865f78b",
              "status": "affected",
              "version": "aac4492ef23a176b6f1a41aadb99177eceb1fc06",
              "versionType": "git"
            },
            {
              "lessThan": "9a97da4674b890b4c28f5f12beba8c33a9cd2f49",
              "status": "affected",
              "version": "aac4492ef23a176b6f1a41aadb99177eceb1fc06",
              "versionType": "git"
            },
            {
              "lessThan": "e597b003c736217b0c99ccf1b240c25009105238",
              "status": "affected",
              "version": "aac4492ef23a176b6f1a41aadb99177eceb1fc06",
              "versionType": "git"
            },
            {
              "lessThan": "38b50aa44495d5eb4218f0b82fc2da76505cec53",
              "status": "affected",
              "version": "aac4492ef23a176b6f1a41aadb99177eceb1fc06",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/mlx5/counters.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.87",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.19",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.5",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device\n\nCurrently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0),\nthere is a special handling in order to use the correct counters, but,\nport_num is being passed down the stack without any change.  Also, some\nfunctions assume that port_num \u003e=1. As a result, the following oops can\noccur.\n\n BUG: unable to handle page fault for address: ffff89510294f1a8\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP\n CPU: 8 PID: 1382 Comm: devlink Tainted: G W          6.1.0-rc4_for_upstream_base_2022_11_10_16_12 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:_raw_spin_lock+0xc/0x20\n Call Trace:\n  \u003cTASK\u003e\n  mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib]\n  do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib]\n  mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib]\n  ib_setup_device_attrs+0xf0/0x290 [ib_core]\n  ib_register_device+0x3bb/0x510 [ib_core]\n  ? atomic_notifier_chain_register+0x67/0x80\n  __mlx5_ib_add+0x2b/0x80 [mlx5_ib]\n  mlx5r_probe+0xb8/0x150 [mlx5_ib]\n  ? auxiliary_match_id+0x6a/0x90\n  auxiliary_bus_probe+0x3c/0x70\n  ? driver_sysfs_add+0x6b/0x90\n  really_probe+0xcd/0x380\n  __driver_probe_device+0x80/0x170\n  driver_probe_device+0x1e/0x90\n  __device_attach_driver+0x7d/0x100\n  ? driver_allows_async_probing+0x60/0x60\n  ? driver_allows_async_probing+0x60/0x60\n  bus_for_each_drv+0x7b/0xc0\n  __device_attach+0xbc/0x200\n  bus_probe_device+0x87/0xa0\n  device_add+0x404/0x940\n  ? dev_set_name+0x53/0x70\n  __auxiliary_device_add+0x43/0x60\n  add_adev+0x99/0xe0 [mlx5_core]\n  mlx5_attach_device+0xc8/0x120 [mlx5_core]\n  mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core]\n  devlink_reload+0x133/0x250\n  devlink_nl_cmd_reload+0x480/0x570\n  ? devlink_nl_pre_doit+0x44/0x2b0\n  genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n  genl_rcv_msg+0x180/0x2b0\n  ? devlink_nl_cmd_region_read_dumpit+0x540/0x540\n  ? devlink_reload+0x250/0x250\n  ? devlink_put+0x50/0x50\n  ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n  netlink_rcv_skb+0x54/0x100\n  genl_rcv+0x24/0x40\n  netlink_unicast+0x1f6/0x2c0\n  netlink_sendmsg+0x237/0x490\n  sock_sendmsg+0x33/0x40\n  __sys_sendto+0x103/0x160\n  ? handle_mm_fault+0x10e/0x290\n  ? do_user_addr_fault+0x1c0/0x5f0\n  __x64_sys_sendto+0x25/0x30\n  do_syscall_64+0x3d/0x90\n  entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nFix it by setting port_num to 1 in order to get device status and remove\nunused variable."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T13:33:35.133Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8d89870d63758363b07ace5c2df82d6bf865f78b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a97da4674b890b4c28f5f12beba8c33a9cd2f49"
        },
        {
          "url": "https://git.kernel.org/stable/c/e597b003c736217b0c99ccf1b240c25009105238"
        },
        {
          "url": "https://git.kernel.org/stable/c/38b50aa44495d5eb4218f0b82fc2da76505cec53"
        }
      ],
      "title": "RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53393",
    "datePublished": "2025-09-18T13:33:35.133Z",
    "dateReserved": "2025-09-17T14:54:09.737Z",
    "dateUpdated": "2025-09-18T13:33:35.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-53393\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-18T14:15:42.463\",\"lastModified\":\"2025-09-19T16:00:27.847\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device\\n\\nCurrently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0),\\nthere is a special handling in order to use the correct counters, but,\\nport_num is being passed down the stack without any change.  Also, some\\nfunctions assume that port_num \u003e=1. As a result, the following oops can\\noccur.\\n\\n BUG: unable to handle page fault for address: ffff89510294f1a8\\n #PF: supervisor write access in kernel mode\\n #PF: error_code(0x0002) - not-present page\\n PGD 0 P4D 0\\n Oops: 0002 [#1] SMP\\n CPU: 8 PID: 1382 Comm: devlink Tainted: G W          6.1.0-rc4_for_upstream_base_2022_11_10_16_12 #1\\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\\n RIP: 0010:_raw_spin_lock+0xc/0x20\\n Call Trace:\\n  \u003cTASK\u003e\\n  mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib]\\n  do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib]\\n  mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib]\\n  ib_setup_device_attrs+0xf0/0x290 [ib_core]\\n  ib_register_device+0x3bb/0x510 [ib_core]\\n  ? atomic_notifier_chain_register+0x67/0x80\\n  __mlx5_ib_add+0x2b/0x80 [mlx5_ib]\\n  mlx5r_probe+0xb8/0x150 [mlx5_ib]\\n  ? auxiliary_match_id+0x6a/0x90\\n  auxiliary_bus_probe+0x3c/0x70\\n  ? driver_sysfs_add+0x6b/0x90\\n  really_probe+0xcd/0x380\\n  __driver_probe_device+0x80/0x170\\n  driver_probe_device+0x1e/0x90\\n  __device_attach_driver+0x7d/0x100\\n  ? driver_allows_async_probing+0x60/0x60\\n  ? driver_allows_async_probing+0x60/0x60\\n  bus_for_each_drv+0x7b/0xc0\\n  __device_attach+0xbc/0x200\\n  bus_probe_device+0x87/0xa0\\n  device_add+0x404/0x940\\n  ? dev_set_name+0x53/0x70\\n  __auxiliary_device_add+0x43/0x60\\n  add_adev+0x99/0xe0 [mlx5_core]\\n  mlx5_attach_device+0xc8/0x120 [mlx5_core]\\n  mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core]\\n  devlink_reload+0x133/0x250\\n  devlink_nl_cmd_reload+0x480/0x570\\n  ? devlink_nl_pre_doit+0x44/0x2b0\\n  genl_family_rcv_msg_doit.isra.0+0xc2/0x110\\n  genl_rcv_msg+0x180/0x2b0\\n  ? devlink_nl_cmd_region_read_dumpit+0x540/0x540\\n  ? devlink_reload+0x250/0x250\\n  ? devlink_put+0x50/0x50\\n  ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\\n  netlink_rcv_skb+0x54/0x100\\n  genl_rcv+0x24/0x40\\n  netlink_unicast+0x1f6/0x2c0\\n  netlink_sendmsg+0x237/0x490\\n  sock_sendmsg+0x33/0x40\\n  __sys_sendto+0x103/0x160\\n  ? handle_mm_fault+0x10e/0x290\\n  ? do_user_addr_fault+0x1c0/0x5f0\\n  __x64_sys_sendto+0x25/0x30\\n  do_syscall_64+0x3d/0x90\\n  entry_SYSCALL_64_after_hwframe+0x46/0xb0\\n\\nFix it by setting port_num to 1 in order to get device status and remove\\nunused variable.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/38b50aa44495d5eb4218f0b82fc2da76505cec53\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8d89870d63758363b07ace5c2df82d6bf865f78b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9a97da4674b890b4c28f5f12beba8c33a9cd2f49\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e597b003c736217b0c99ccf1b240c25009105238\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…