CVE-2023-53398
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53398
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53398.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53398
- Downstream
- Related
- Published
- 2025-09-18T13:33:38Z
- Modified
- 2025-10-21T16:42:03.760822Z
- Summary
- mlx5: fix possible ptp queue fifo use-after-free
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
mlx5: fix possible ptp queue fifo use-after-free
Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARNONONCE covers future cases.
There were out-of-order cqe spotted which lead to drain of the queue and use-after-free because of lack of fifo pointers check. Special check and counter are added to avoid resync operation if SKB could not exist in the fifo because of OOO cqe (skb_id must be between consumer and producer index).
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced58a518948f60153e8f6cb8361d2712aa3a1af94aFixed52e6e7a0bc04c85012a9251c7cf2d444a77eb966
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced58a518948f60153e8f6cb8361d2712aa3a1af94aFixed6afdedc4e66e3846ce497744f01b95c34bf39d21
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced58a518948f60153e8f6cb8361d2712aa3a1af94aFixed3a50cf1e8e5157b82268eee7e330dbe5736a0948
Affected versions
v5.*
v5.19
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.2
v6.2.3
v6.2.4
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"264385125459958374573783488512582096660",
"29010163805749833292586028108646889986",
"110235200614630880219407539185345912230",
"69022400652024437822262919457987463377"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_stats.c"
},
"signature_version": "v1",
"id": "CVE-2023-53398-08de3623",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a50cf1e8e5157b82268eee7e330dbe5736a0948"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"67002504543132433964665762095069175559",
"127647003557857125069564827932551180152",
"152533684880676270893262847410389703960",
"152942211241670371232263616039340496448"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_stats.h"
},
"signature_version": "v1",
"id": "CVE-2023-53398-0edec5a0",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a50cf1e8e5157b82268eee7e330dbe5736a0948"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"89968658428636514057001126989241759281",
"131995460022415127810278774347234580508",
"125253462746999971190101597422524514353",
"29408972171572185027124665886196105880"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h"
},
"signature_version": "v1",
"id": "CVE-2023-53398-1bfbfc5a",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52e6e7a0bc04c85012a9251c7cf2d444a77eb966"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"126682563957282768158735448919623478002",
"97093024027905408736015776989362726590",
"324384559209135926105976022281293895241",
"247617709700981415301206520797938647631",
"270958507623410995121470742725427502568",
"65461844413322543678882436099771625467",
"133637277579952237614577747784457854423",
"73005322653857627140531152866669383015"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c"
},
"signature_version": "v1",
"id": "CVE-2023-53398-234bbb93",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6afdedc4e66e3846ce497744f01b95c34bf39d21"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"67002504543132433964665762095069175559",
"127647003557857125069564827932551180152",
"331509416066398499456324305148134878773",
"42625664663051679245931705722627444788"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_stats.h"
},
"signature_version": "v1",
"id": "CVE-2023-53398-235718b6",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52e6e7a0bc04c85012a9251c7cf2d444a77eb966"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"264385125459958374573783488512582096660",
"29010163805749833292586028108646889986",
"110235200614630880219407539185345912230",
"69022400652024437822262919457987463377"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_stats.c"
},
"signature_version": "v1",
"id": "CVE-2023-53398-26ec2102",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6afdedc4e66e3846ce497744f01b95c34bf39d21"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"126682563957282768158735448919623478002",
"97093024027905408736015776989362726590",
"324384559209135926105976022281293895241",
"247617709700981415301206520797938647631",
"270958507623410995121470742725427502568",
"65461844413322543678882436099771625467",
"133637277579952237614577747784457854423",
"73005322653857627140531152866669383015"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c"
},
"signature_version": "v1",
"id": "CVE-2023-53398-4d87568a",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a50cf1e8e5157b82268eee7e330dbe5736a0948"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "148878202612225149947106699320173407460",
"length": 105.0
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h",
"function": "mlx5e_skb_fifo_pop"
},
"signature_version": "v1",
"id": "CVE-2023-53398-51458830",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52e6e7a0bc04c85012a9251c7cf2d444a77eb966"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"89968658428636514057001126989241759281",
"131995460022415127810278774347234580508",
"125253462746999971190101597422524514353",
"29408972171572185027124665886196105880"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h"
},
"signature_version": "v1",
"id": "CVE-2023-53398-63c5b6a3",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a50cf1e8e5157b82268eee7e330dbe5736a0948"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"126682563957282768158735448919623478002",
"97093024027905408736015776989362726590",
"324384559209135926105976022281293895241",
"247617709700981415301206520797938647631",
"270958507623410995121470742725427502568",
"65461844413322543678882436099771625467",
"133637277579952237614577747784457854423",
"73005322653857627140531152866669383015"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c"
},
"signature_version": "v1",
"id": "CVE-2023-53398-74fea7cd",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52e6e7a0bc04c85012a9251c7cf2d444a77eb966"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"89968658428636514057001126989241759281",
"131995460022415127810278774347234580508",
"125253462746999971190101597422524514353",
"29408972171572185027124665886196105880"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h"
},
"signature_version": "v1",
"id": "CVE-2023-53398-80f552d0",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6afdedc4e66e3846ce497744f01b95c34bf39d21"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "245551737155677259635256646457739266576",
"length": 706.0
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c",
"function": "mlx5e_ptp_handle_ts_cqe"
},
"signature_version": "v1",
"id": "CVE-2023-53398-86463fab",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52e6e7a0bc04c85012a9251c7cf2d444a77eb966"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"264385125459958374573783488512582096660",
"29010163805749833292586028108646889986",
"110235200614630880219407539185345912230",
"69022400652024437822262919457987463377"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_stats.c"
},
"signature_version": "v1",
"id": "CVE-2023-53398-98628f91",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@52e6e7a0bc04c85012a9251c7cf2d444a77eb966"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "148878202612225149947106699320173407460",
"length": 105.0
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h",
"function": "mlx5e_skb_fifo_pop"
},
"signature_version": "v1",
"id": "CVE-2023-53398-9d504d2b",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a50cf1e8e5157b82268eee7e330dbe5736a0948"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "245551737155677259635256646457739266576",
"length": 706.0
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c",
"function": "mlx5e_ptp_handle_ts_cqe"
},
"signature_version": "v1",
"id": "CVE-2023-53398-9ff47ffa",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6afdedc4e66e3846ce497744f01b95c34bf39d21"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"67002504543132433964665762095069175559",
"127647003557857125069564827932551180152",
"152533684880676270893262847410389703960",
"152942211241670371232263616039340496448"
]
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en_stats.h"
},
"signature_version": "v1",
"id": "CVE-2023-53398-ba00354a",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6afdedc4e66e3846ce497744f01b95c34bf39d21"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "148878202612225149947106699320173407460",
"length": 105.0
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h",
"function": "mlx5e_skb_fifo_pop"
},
"signature_version": "v1",
"id": "CVE-2023-53398-d089d79b",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6afdedc4e66e3846ce497744f01b95c34bf39d21"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "245551737155677259635256646457739266576",
"length": 706.0
},
"target": {
"file": "drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c",
"function": "mlx5e_ptp_handle_ts_cqe"
},
"signature_version": "v1",
"id": "CVE-2023-53398-fd724221",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a50cf1e8e5157b82268eee7e330dbe5736a0948"
}
]