CVE-2023-54223

Source
https://cve.org/CVERecord?id=CVE-2023-54223
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54223.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-54223
Published
2025-12-30T12:11:17.389Z
Modified
2026-03-23T05:05:26.526049252Z
Summary
net/mlx5e: xsk: Fix invalid buffer access for legacy rq
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: xsk: Fix invalid buffer access for legacy rq

The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDP_REDIRECT path, and then once again in the driver. This fix sets the flag to avoid releasing on the driver side.

XSK handling of buffers for legacy rq was relying on the caller to set the skip release flag. But the referenced fix started using fragment counts for pages instead of the skip flag.

Crash log:
general protection fault, probably for non-canonical address 0xffff8881217e3a: 0000 [#1] SMP
CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 6.5.0-rc1+ #31
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:bpfprog03b13f331978c78c+0xf/0x28
Code: ...
RSP: 0018:ffff88810082fc98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888138404901 RCX: c0ffffc900027cbc
RDX: ffffffffa000b514 RSI: 00ffff8881217e32 RDI: ffff888138404901
RBP: ffff88810082fc98 R08: 0000000000091100 R09: 0000000000000006
R10: 0000000000000800 R11: 0000000000000800 R12: ffffc9000027a000
R13: ffff8881217e2dc0 R14: ffff8881217e2910 R15: ffff8881217e2f00
FS: 0000000000000000(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564cb2e2cde0 CR3: 000000010e603004 CR4: 0000000000370eb0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
? dieaddr+0x32/0x80
? excgeneralprotection+0x192/0x390
? asmexcgeneralprotection+0x22/0x30
? 0xffffffffa000b514
? bpfprog03b13f331978c78c+0xf/0x28
mlx5exdphandle+0x48/0x670 [mlx5core]
? devgroreceive+0x3b5/0x6e0
mlx5exskskbfromcqelinear+0x6e/0x90 [mlx5core]
mlx5ehandlerxcqe+0x55/0x100 [mlx5core]
mlx5epollrxcq+0x87/0x6e0 [mlx5core]
mlx5enapipoll+0x45e/0x6b0 [mlx5core]
__napipoll+0x25/0x1a0
netrx_action+0x28a/0x300
__dosoftirq+0xcd/0x279
? sortrange+0x20/0x20
runksoftirqd+0x1a/0x20
smpbootthreadfn+0xa2/0x130
kthread+0xc9/0xf0
? kthreadcompleteandexit+0x20/0x20
retfromfork+0x1f/0x30
</TASK>
Modules linked in: mlx5ib mlx5core rpcrdma rdmaucm ibiser libiscsi scsitransportiscsi ibumad rdmacm ibipoib iwcm ibcm ibuverbs ibcore xtconntrack xtMASQUERADE nfconntracknetlink nfnetlink xtaddrtype iptablenat nfnat brnetfilter overlay zram zsmalloc fuse [last unloaded: mlx5core]
---[ end trace 0000000000000000 ]---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54223.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cbb5379362513cbff450df0457dc370da7244bec
Fixed
58a113a35846d9a5bd759beb332e551e28451f09
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7abd955a58fb0fcd4e756fa2065c03ae488fcfa7
Fixed
e0f52298fee449fec37e3e3c32df60008b509b16

Affected versions

v6.*
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.5-rc1
v6.5-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54223.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.5
Fixed
6.4.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54223.json"