CVE-2023-53340

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53340
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53340.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53340
Downstream
Related
Published
2025-09-17T14:56:33.917Z
Modified
2026-02-20T10:43:02.681691Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
net/mlx5: Collect command failures data only for known commands
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Collect command failures data only for known commands

DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't create a storage for this command, since mlx5 doesn't use it. This lead to array-index-out-of-bounds error.

Fix it by checking whether the command is known before collecting the failure data.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53340.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc
Fixed
411e4d6caa7f7169192b8dacc8421ac4fd64a354
Fixed
d8b6f175235d7327b4e1b13216859e89496dfbd5
Fixed
2a0a935fb64ee8af253b9c6133bb6702fb152ac2

Affected versions

v5.*
v5.17
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.4-rc1
v6.4-rc2

Database specific

vanir_signatures 
[
    {
        "id": "CVE-2023-53340-2c2400a5",
        "deprecated": false,
        "digest": {
            "function_hash": "88018531591203654494504564613510931861",
            "length": 449.0
        },
        "signature_version": "v1",
        "target": {
            "function": "cmd_status_log",
            "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a0a935fb64ee8af253b9c6133bb6702fb152ac2",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53340-83df9884",
        "deprecated": false,
        "digest": {
            "function_hash": "88018531591203654494504564613510931861",
            "length": 449.0
        },
        "signature_version": "v1",
        "target": {
            "function": "cmd_status_log",
            "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d8b6f175235d7327b4e1b13216859e89496dfbd5",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53340-a3eefced",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "221680395149123102962038070230864596220",
                "331357806714156647888454066432402257605",
                "220713388393601148338391206995107810767",
                "272396967649216832886006898134822307330",
                "48475279718566939772039081835602569963",
                "336781010869632382984608091466110505172"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d8b6f175235d7327b4e1b13216859e89496dfbd5",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53340-aae042a3",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "221680395149123102962038070230864596220",
                "331357806714156647888454066432402257605",
                "220713388393601148338391206995107810767",
                "272396967649216832886006898134822307330",
                "48475279718566939772039081835602569963",
                "336781010869632382984608091466110505172"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a0a935fb64ee8af253b9c6133bb6702fb152ac2",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53340-b36241bc",
        "deprecated": false,
        "digest": {
            "function_hash": "88018531591203654494504564613510931861",
            "length": 449.0
        },
        "signature_version": "v1",
        "target": {
            "function": "cmd_status_log",
            "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@411e4d6caa7f7169192b8dacc8421ac4fd64a354",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53340-ea5e8d41",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "221680395149123102962038070230864596220",
                "331357806714156647888454066432402257605",
                "220713388393601148338391206995107810767",
                "272396967649216832886006898134822307330",
                "48475279718566939772039081835602569963",
                "336781010869632382984608091466110505172"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "drivers/net/ethernet/mellanox/mlx5/core/cmd.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@411e4d6caa7f7169192b8dacc8421ac4fd64a354",
        "signature_type": "Line"
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53340.json"

Git / github.com/gregkh/linux

Affected ranges

Type
GIT
Repo
https://github.com/gregkh/linux
Events
Introduced
4b0986a3613c92f4ec1bdc7f60ec66fea135991f
Fixed
d2869ace6eeb8ea8a6e70e6904524c5a6456d3fb
Introduced
c9c3395d5e3dcc6daee66c6908354d47bf98cb0c
Fixed
c297019eca71ec5236ffe916eb37091de041bf23

Affected versions

v5.*
v5.18
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.3.1
v6.3.2
v6.3.3
v6.3.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53340.json"