In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device
Currently, when mlx5_ib_get_hw_stats() is used for a device (port_num = 0), there is special handling to select the correct counters, but port_num is still passed down the stack unchanged. Also, some functions assume that port_num >= 1. As a result, the following oops can occur:
BUG: unable to handle page fault for address: ffff89510294f1a8
#PF: supervisor write access in kernel mode
#PF: errorcode(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] SMP
CPU: 8 PID: 1382 Comm: devlink Tainted: G W 6.1.0-rc4forupstreambase202211101612 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:rawspinlock+0xc/0x20
Call Trace:
<TASK>
mlx5ibgetnativeportmdev+0x73/0xe0 [mlx5ib]
dogethwstats.constprop.0+0x109/0x160 [mlx5ib]
mlx5ibgethwstats+0xad/0x180 [mlx5ib]
ibsetupdeviceattrs+0xf0/0x290 [ibcore]
ibregisterdevice+0x3bb/0x510 [ibcore]
? atomicnotifierchainregister+0x67/0x80
_mlx5ibadd+0x2b/0x80 [mlx5ib]
mlx5rprobe+0xb8/0x150 [mlx5ib]
? auxiliarymatchid+0x6a/0x90
auxiliarybusprobe+0x3c/0x70
? driversysfsadd+0x6b/0x90
reallyprobe+0xcd/0x380
_driverprobedevice+0x80/0x170
driverprobedevice+0x1e/0x90
_deviceattachdriver+0x7d/0x100
? driverallowsasyncprobing+0x60/0x60
? driverallowsasyncprobing+0x60/0x60
busforeachdrv+0x7b/0xc0
_deviceattach+0xbc/0x200
busprobedevice+0x87/0xa0
deviceadd+0x404/0x940
? devsetname+0x53/0x70
_auxiliarydeviceadd+0x43/0x60
addadev+0x99/0xe0 [mlx5core]
mlx5attachdevice+0xc8/0x120 [mlx5core]
mlx5loadonedevllocked+0xb2/0xe0 [mlx5core]
devlinkreload+0x133/0x250
devlinknlcmdreload+0x480/0x570
? devlinknlpredoit+0x44/0x2b0
genlfamilyrcvmsgdoit.isra.0+0xc2/0x110
genlrcvmsg+0x180/0x2b0
? devlinknlcmdregionreaddumpit+0x540/0x540
? devlinkreload+0x250/0x250
? devlinkput+0x50/0x50
? genlfamilyrcvmsgdoit.isra.0+0x110/0x110
netlinkrcvskb+0x54/0x100
genlrcv+0x24/0x40
netlinkunicast+0x1f6/0x2c0
netlinksendmsg+0x237/0x490
socksendmsg+0x33/0x40
_syssendto+0x103/0x160
? handlemmfault+0x10e/0x290
? douseraddrfault+0x1c0/0x5f0
_x64syssendto+0x25/0x30
dosyscall64+0x3d/0x90
entrySYSCALL64after_hwframe+0x46/0xb0
Fix it by setting port_num to 1 in order to get device status and remove unused variable.
[
{
"signature_type": "Function",
"digest": {
"function_hash": "306139519994900418963393146157415867518",
"length": 890.0
},
"target": {
"file": "drivers/infiniband/hw/mlx5/counters.c",
"function": "do_get_hw_stats"
},
"signature_version": "v1",
"id": "CVE-2023-53393-092fc512",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a97da4674b890b4c28f5f12beba8c33a9cd2f49"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"104551889550779372425443608645162233127",
"223197875834611347472434517475660802283",
"152565113425370060779584148833418838413",
"17216008886962779031558422811233532942",
"256512421281823491341935588733124628827",
"50244209999319116227222716680678125674",
"20319987634801921904756689938157537648",
"317213676806423431416864794897203622765",
"111612845604652350618869802067360708226"
]
},
"target": {
"file": "drivers/infiniband/hw/mlx5/counters.c"
},
"signature_version": "v1",
"id": "CVE-2023-53393-2dd57e6a",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d89870d63758363b07ace5c2df82d6bf865f78b"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "306139519994900418963393146157415867518",
"length": 890.0
},
"target": {
"file": "drivers/infiniband/hw/mlx5/counters.c",
"function": "do_get_hw_stats"
},
"signature_version": "v1",
"id": "CVE-2023-53393-3ee77ccf",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e597b003c736217b0c99ccf1b240c25009105238"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "306139519994900418963393146157415867518",
"length": 890.0
},
"target": {
"file": "drivers/infiniband/hw/mlx5/counters.c",
"function": "do_get_hw_stats"
},
"signature_version": "v1",
"id": "CVE-2023-53393-918d451e",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38b50aa44495d5eb4218f0b82fc2da76505cec53"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"104551889550779372425443608645162233127",
"223197875834611347472434517475660802283",
"152565113425370060779584148833418838413",
"17216008886962779031558422811233532942",
"256512421281823491341935588733124628827",
"50244209999319116227222716680678125674",
"20319987634801921904756689938157537648",
"317213676806423431416864794897203622765",
"111612845604652350618869802067360708226"
]
},
"target": {
"file": "drivers/infiniband/hw/mlx5/counters.c"
},
"signature_version": "v1",
"id": "CVE-2023-53393-a9c0c062",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@38b50aa44495d5eb4218f0b82fc2da76505cec53"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"104551889550779372425443608645162233127",
"223197875834611347472434517475660802283",
"152565113425370060779584148833418838413",
"17216008886962779031558422811233532942",
"256512421281823491341935588733124628827",
"50244209999319116227222716680678125674",
"20319987634801921904756689938157537648",
"317213676806423431416864794897203622765",
"111612845604652350618869802067360708226"
]
},
"target": {
"file": "drivers/infiniband/hw/mlx5/counters.c"
},
"signature_version": "v1",
"id": "CVE-2023-53393-b33bfc0f",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a97da4674b890b4c28f5f12beba8c33a9cd2f49"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "306139519994900418963393146157415867518",
"length": 890.0
},
"target": {
"file": "drivers/infiniband/hw/mlx5/counters.c",
"function": "mlx5_ib_get_hw_stats"
},
"signature_version": "v1",
"id": "CVE-2023-53393-e023780f",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d89870d63758363b07ace5c2df82d6bf865f78b"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"104551889550779372425443608645162233127",
"223197875834611347472434517475660802283",
"152565113425370060779584148833418838413",
"17216008886962779031558422811233532942",
"256512421281823491341935588733124628827",
"50244209999319116227222716680678125674",
"20319987634801921904756689938157537648",
"317213676806423431416864794897203622765",
"111612845604652350618869802067360708226"
]
},
"target": {
"file": "drivers/infiniband/hw/mlx5/counters.c"
},
"signature_version": "v1",
"id": "CVE-2023-53393-e520cb6d",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e597b003c736217b0c99ccf1b240c25009105238"
}
]