CVE-2023-53393

Source: https://nvd.nist.gov/vuln/detail/CVE-2023-53393
Import Source: https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53393.json
JSON Data: https://api.osv.dev/v1/vulns/CVE-2023-53393
Published: 2025-09-18T14:15:42Z
Modified: 2025-09-19T16:00:27Z
Summary: [none]
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device

Currently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0), there is a special handling in order to use the correct counters, but, port_num is being passed down the stack without any change. Also, some functions assume that port_num >=1. As a result, the following oops can occur.

    BUG: unable to handle page fault for address: ffff89510294f1a8
    #PF: supervisor write access in kernel mode
    #PF: error_code(0x0002) - not-present page
    PGD 0 P4D 0
    Oops: 0002 [#1] SMP
    CPU: 8 PID: 1382 Comm: devlink Tainted: G W 6.1.0-rc4forupstreambase202211101612 #1
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
    RIP: 0010:_raw_spin_lock+0xc/0x20
    Call Trace:
     <TASK>
     mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib]
     do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib]
     mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib]
     ib_setup_device_attrs+0xf0/0x290 [ib_core]
     ib_register_device+0x3bb/0x510 [ib_core]
     ? atomic_notifier_chain_register+0x67/0x80
     __mlx5_ib_add+0x2b/0x80 [mlx5_ib]
     mlx5r_probe+0xb8/0x150 [mlx5_ib]
     ? auxiliary_match_id+0x6a/0x90
     auxiliary_bus_probe+0x3c/0x70
     ? driver_sysfs_add+0x6b/0x90
     really_probe+0xcd/0x380
     __driver_probe_device+0x80/0x170
     driver_probe_device+0x1e/0x90
     __device_attach_driver+0x7d/0x100
     ? driver_allows_async_probing+0x60/0x60
     ? driver_allows_async_probing+0x60/0x60
     bus_for_each_drv+0x7b/0xc0
     __device_attach+0xbc/0x200
     bus_probe_device+0x87/0xa0
     device_add+0x404/0x940
     ? dev_set_name+0x53/0x70
     __auxiliary_device_add+0x43/0x60
     add_adev+0x99/0xe0 [mlx5_core]
     mlx5_attach_device+0xc8/0x120 [mlx5_core]
     mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core]
     devlink_reload+0x133/0x250
     devlink_nl_cmd_reload+0x480/0x570
     ? devlink_nl_pre_doit+0x44/0x2b0
     genl_family_rcv_msg_doit.isra.0+0xc2/0x110
     genl_rcv_msg+0x180/0x2b0
     ? devlink_nl_cmd_region_read_dumpit+0x540/0x540
     ? devlink_reload+0x250/0x250
     ? devlink_put+0x50/0x50
     ? genl_family_rcv_msg_doit.isra.0+0x110/0x110
     netlink_rcv_skb+0x54/0x100
     genl_rcv+0x24/0x40
     netlink_unicast+0x1f6/0x2c0
     netlink_sendmsg+0x237/0x490
     sock_sendmsg+0x33/0x40
     __sys_sendto+0x103/0x160
     ? handle_mm_fault+0x10e/0x290
     ? do_user_addr_fault+0x1c0/0x5f0
     __x64_sys_sendto+0x25/0x30
     do_syscall_64+0x3d/0x90
     entry_SYSCALL_64_after_hwframe+0x46/0xb0

Fix it by setting port_num to 1 in order to get device status and remove unused variable.

References

Affected packages