CVE-2023-53393

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53393
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53393.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53393
Downstream
Related
Published
2025-09-18T13:33:35Z
Modified
2025-10-16T17:48:46.477635Z
Summary
RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix mlx5ibgethwstats when used for device

Currently, when mlx5ibgethwstats() is used for device (portnum = 0), there is a special handling in order to use the correct counters, but, portnum is being passed down the stack without any change. Also, some functions assume that port_num >=1. As a result, the following oops can occur.

BUG: unable to handle page fault for address: ffff89510294f1a8 #PF: supervisor write access in kernel mode #PF: errorcode(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP CPU: 8 PID: 1382 Comm: devlink Tainted: G W 6.1.0-rc4forupstreambase202211101612 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:rawspinlock+0xc/0x20 Call Trace: <TASK> mlx5ibgetnativeportmdev+0x73/0xe0 [mlx5ib] dogethwstats.constprop.0+0x109/0x160 [mlx5ib] mlx5ibgethwstats+0xad/0x180 [mlx5ib] ibsetupdeviceattrs+0xf0/0x290 [ibcore] ibregisterdevice+0x3bb/0x510 [ibcore] ? atomicnotifierchainregister+0x67/0x80 _mlx5ibadd+0x2b/0x80 [mlx5ib] mlx5rprobe+0xb8/0x150 [mlx5ib] ? auxiliarymatchid+0x6a/0x90 auxiliarybusprobe+0x3c/0x70 ? driversysfsadd+0x6b/0x90 reallyprobe+0xcd/0x380 _driverprobedevice+0x80/0x170 driverprobedevice+0x1e/0x90 _deviceattachdriver+0x7d/0x100 ? driverallowsasyncprobing+0x60/0x60 ? driverallowsasyncprobing+0x60/0x60 busforeachdrv+0x7b/0xc0 _deviceattach+0xbc/0x200 busprobedevice+0x87/0xa0 deviceadd+0x404/0x940 ? devsetname+0x53/0x70 _auxiliarydeviceadd+0x43/0x60 addadev+0x99/0xe0 [mlx5core] mlx5attachdevice+0xc8/0x120 [mlx5core] mlx5loadonedevllocked+0xb2/0xe0 [mlx5core] devlinkreload+0x133/0x250 devlinknlcmdreload+0x480/0x570 ? devlinknlpredoit+0x44/0x2b0 genlfamilyrcvmsgdoit.isra.0+0xc2/0x110 genlrcvmsg+0x180/0x2b0 ? devlinknlcmdregionreaddumpit+0x540/0x540 ? devlinkreload+0x250/0x250 ? devlinkput+0x50/0x50 ? genlfamilyrcvmsgdoit.isra.0+0x110/0x110 netlinkrcvskb+0x54/0x100 genlrcv+0x24/0x40 netlinkunicast+0x1f6/0x2c0 netlinksendmsg+0x237/0x490 socksendmsg+0x33/0x40 _syssendto+0x103/0x160 ? handlemmfault+0x10e/0x290 ? douseraddrfault+0x1c0/0x5f0 _x64syssendto+0x25/0x30 dosyscall64+0x3d/0x90 entrySYSCALL64after_hwframe+0x46/0xb0

Fix it by setting port_num to 1 in order to get device status and remove unused variable.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aac4492ef23a176b6f1a41aadb99177eceb1fc06
Fixed
8d89870d63758363b07ace5c2df82d6bf865f78b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aac4492ef23a176b6f1a41aadb99177eceb1fc06
Fixed
9a97da4674b890b4c28f5f12beba8c33a9cd2f49
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aac4492ef23a176b6f1a41aadb99177eceb1fc06
Fixed
e597b003c736217b0c99ccf1b240c25009105238
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aac4492ef23a176b6f1a41aadb99177eceb1fc06
Fixed
38b50aa44495d5eb4218f0b82fc2da76505cec53

Affected versions

v4.*

v4.15
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7

v5.*

v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.17
v6.0.18
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.2-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.16.0
Fixed
5.15.87
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.0.19
Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.5