DEBIAN-CVE-2023-53525

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2023-53525
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53525.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53525
Upstream
Published
2025-10-01T12:15:57Z
Modified
2025-10-02T09:16:07.414762Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Allow UD qptype to join multicast only As for multicast: - The SIDR is the only mode that makes sense; - Besides PSUDP, other port spaces like PSIB is also allowed, as it is UD compatible. In this case qkey also needs to be set [1]. This patch allows only UD qptype to join multicast, and set qkey to default if it's not set, to fix an uninit-value error: the ib->rec.qkey field is accessed without being initialized. ===================================================== BUG: KMSAN: uninit-value in cmasetqkey drivers/infiniband/core/cma.c:510 [inline] BUG: KMSAN: uninit-value in cmamakemcevent+0xb73/0xe00 drivers/infiniband/core/cma.c:4570 cmasetqkey drivers/infiniband/core/cma.c:510 [inline] cmamakemcevent+0xb73/0xe00 drivers/infiniband/core/cma.c:4570 cmaiboejoinmulticast drivers/infiniband/core/cma.c:4782 [inline] rdmajoinmulticast+0x2b83/0x30a0 drivers/infiniband/core/cma.c:4814 ucmaprocessjoin+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479 ucmajoinmulticast+0x1e3/0x250 drivers/infiniband/core/ucma.c:1546 ucmawrite+0x639/0x6d0 drivers/infiniband/core/ucma.c:1732 vfswrite+0x8ce/0x2030 fs/readwrite.c:588 ksyswrite+0x28c/0x520 fs/readwrite.c:643 _dosyswrite fs/readwrite.c:655 [inline] _sesyswrite fs/readwrite.c:652 [inline] _ia32syswrite+0xdb/0x120 fs/readwrite.c:652 dosyscall32irqson arch/x86/entry/common.c:114 [inline] _dofastsyscall32+0x96/0xf0 arch/x86/entry/common.c:180 dofastsyscall32+0x34/0x70 arch/x86/entry/common.c:205 doSYSENTER32+0x1b/0x20 arch/x86/entry/common.c:248 entrySYSENTERcompatafterhwframe+0x4d/0x5c Local variable ib.i created at: cmaiboejoinmulticast drivers/infiniband/core/cma.c:4737 [inline] rdmajoinmulticast+0x586/0x30a0 drivers/infiniband/core/cma.c:4814 ucmaprocessjoin+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479 CPU: 0 PID: 29874 Comm: syz-executor.3 Not tainted 5.16.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ===================================================== [1] https://lore.kernel.org/linux-rdma/20220117183832.GD84788@nvidia.com/

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.178-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.25-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.25-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.25-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}