CVE-2023-53463
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-10-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NON_FATAL err All ibmvnic resets, make a call to netdev_tx_reset_queue() when re-opening the device. netdev_tx_reset_queue() resets the num_queued and num_completed byte counters. These stats are used in Byte Queue Limit (BQL) algorithms. The difference between these two stats tracks the number of bytes currently sitting on the physical NIC. ibmvnic increases the number of queued bytes though calls to netdev_tx_sent_queue() in the drivers xmit function. When, VIOS reports that it is done transmitting bytes, the ibmvnic device increases the number of completed bytes through calls to netdev_tx_completed_queue(). It is important to note that the driver batches its transmit calls and num_queued is increased every time that an skb is added to the next batch, not necessarily when the batch is sent to VIOS for transmission. Unlike other reset types, a NON FATAL reset will not flush the sub crq tx buffers. Therefore, it is possible for the batched skb array to be partially full. So if there is call to netdev_tx_reset_queue() when re-opening the device, the value of num_queued (0) would not account for the skb's that are currently batched. Eventually, when the batch is sent to VIOS, the call to netdev_tx_completed_queue() would increase num_completed to a value greater than the num_queued. This causes a BUG_ON crash: ibmvnic 30000002: Firmware reports error, cause: adapter problem. Starting recovery... ibmvnic 30000002: tx error 600 ibmvnic 30000002: tx error 600 ibmvnic 30000002: tx error 600 ibmvnic 30000002: tx error 600 ------------[ cut here ]------------ kernel BUG at lib/dynamic_queue_limits.c:27! Oops: Exception in kernel mode, sig: 5 [....] NIP dql_completed+0x28/0x1c0 LR ibmvnic_complete_tx.isra.0+0x23c/0x420 [ibmvnic] Call Trace: ibmvnic_complete_tx.isra.0+0x3f8/0x420 [ibmvnic] (unreliable) ibmvnic_interrupt_tx+0x40/0x70 [ibmvnic] __handle_irq_event_percpu+0x98/0x270 ---[ end trace ]--- Therefore, do not reset the dql stats when performing a NON_FATAL reset.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-10-02
Generated
2026-05-07
AI Q&A
2025-10-01
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53463
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm ibmvnic *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's ibmvnic driver. When a NON_FATAL reset happens, the driver incorrectly resets certain byte queue limit (BQL) statistics (num_queued and num_completed) that track bytes sent and completed on the network interface. Because NON_FATAL resets do not flush transmit buffers, resetting these stats causes a mismatch where completed bytes exceed queued bytes. This mismatch triggers a kernel BUG_ON crash, leading to a kernel panic and system instability. The fix is to avoid resetting these stats during NON_FATAL resets to prevent the crash.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash (kernel panic) due to a BUG_ON triggered by inconsistent byte queue statistics in the ibmvnic driver during NON_FATAL resets. Such crashes can lead to system instability, downtime, and potential loss of network connectivity on affected systems using the ibmvnic driver.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for specific error messages related to the ibmvnic driver. Look for repeated 'tx error 600' messages and kernel BUG messages indicating a crash in dynamic_queue_limits.c, such as 'kernel BUG at lib/dynamic_queue_limits.c:27!' and 'Oops: Exception in kernel mode, sig: 5'. You can use commands like 'dmesg | grep ibmvnic' or 'journalctl -k | grep ibmvnic' to check for these error messages in the kernel logs.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the ibmvnic driver does not reset the Byte Queue Limit (dql) stats during a NON_FATAL reset. This prevents the mismatch between queued and completed byte counters that leads to kernel crashes. Applying the vendor-provided patch or updating the Linux kernel to a version where this issue is fixed is recommended. Avoid performing resets that call netdev_tx_reset_queue() on NON_FATAL errors until the fix is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart