CVE-2023-53340
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't create a storage for this command, since mlx5 doesn't use it. This lead to array-index-out-of-bounds error. Fix it by checking whether the command is known before collecting the failure data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53340
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.18 (inc) to 6.1.31 (exc)
linux linux_kernel From 6.2 (inc) to 6.3.5 (exc)
linux linux_kernel 6.4
linux linux_kernel 6.4
linux linux_kernel 6.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's mlx5 driver where it tries to collect failure data for commands issued by DEVX. DEVX can issue a general command not used by the mlx5 driver. When such a command fails, mlx5 attempts to collect failure data but does not allocate storage for this unknown command, leading to an array-index-out-of-bounds error. The fix involves checking if the command is known before collecting failure data.

Impact Analysis

The vulnerability can cause an array-index-out-of-bounds error in the mlx5 driver of the Linux kernel, which may lead to system instability, crashes, or potential denial of service. This could affect systems using the mlx5 driver when handling certain DEVX commands.

Mitigation Strategies

Apply the patch or update to the fixed version of the Linux kernel where the mlx5 driver has been corrected to check for known commands before collecting failure data, preventing the array-index-out-of-bounds error.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53340. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart