CVE-2023-53394
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-12-12
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.1 (inc) to 6.4.10 (exc) |
| linux | linux_kernel | 6.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the XSK (AF_XDP) socket handling of the Linux kernel's mlx5e network driver. When the regular receive queue (RQ) is reactivated after an XSK socket is closed, it may read stale completion queue entries (CQEs), which corrupts the RQ. The corrupted regular RQ stops receiving traffic, and the kernel crashes when the RQ is next closed or deactivated. The issue happens specifically when stopping and restarting the xdpsock sample program while traffic is running. The fix flushes all CQEs during the RQ flush so that stale entries cannot cause the corruption.
How can this vulnerability impact me?
This vulnerability can corrupt the network receive queue, after which no more traffic is received on that queue. It can also crash the system when the receive queue is closed or deactivated. The result is network disruption and potential downtime on affected systems that use the mlx5e driver with XSK sockets.