CVE-2023-53530
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete localhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092 localhost kernel: nvme nvme0: NVME-FC{0}: new ctrl: NQN "nqn.1992-08.com.netapp:sn.b42d198afb4d11ecad6d00a098d6abfa:subsystem.PR_Channel2022_RH84_subsystem_291" localhost kernel: caller is qla_nvme_post_cmd+0x216/0x1380 [qla2xxx] localhost kernel: CPU: 6 PID: 75092 Comm: kworker/u129:4 Kdump: loaded Tainted: G B W OE --------- --- 5.14.0-70.22.1.el9_0.x86_64+debug #1 localhost kernel: Hardware name: HPE ProLiant XL420 Gen10/ProLiant XL420 Gen10, BIOS U39 01/13/2022 localhost kernel: Workqueue: nvme-wq nvme_async_event_work [nvme_core] localhost kernel: Call Trace: localhost kernel: dump_stack_lvl+0x57/0x7d localhost kernel: check_preemption_disabled+0xc8/0xd0 localhost kernel: qla_nvme_post_cmd+0x216/0x1380 [qla2xxx] Use raw_smp_processor_id() instead of smp_processor_id(). Also use queue_work() across the driver instead of queue_work_on() thus avoiding usage of smp_processor_id() when CONFIG_DEBUG_PREEMPT is enabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2026-03-25
Generated
2026-05-07
AI Q&A
2025-10-01
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53530
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's qla2xxx SCSI driver involves the incorrect use of the function smp_processor_id() in preemptible code, which can cause kernel bugs. The fix replaces smp_processor_id() with raw_smp_processor_id() and changes queue_work_on() to queue_work() to avoid using smp_processor_id() when CONFIG_DEBUG_PREEMPT is enabled, preventing potential kernel crashes or instability.


How can this vulnerability impact me? :

This vulnerability can lead to kernel bugs or crashes in systems using the affected qla2xxx driver, potentially causing system instability or downtime.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the kernel logs for the specific call trace indicating improper use of smp_processor_id() in preemptible code. You can use commands like 'dmesg | grep smp_processor_id' or 'journalctl -k | grep smp_processor_id' to find related kernel messages that show the BUG and call trace involving qla_nvme_post_cmd and smp_processor_id().


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where the qla2xxx driver uses raw_smp_processor_id() instead of smp_processor_id(), and replaces queue_work_on() with queue_work() to avoid the problematic usage when CONFIG_DEBUG_PREEMPT is enabled. Until an update is applied, monitoring kernel logs for the BUG messages and avoiding workloads that trigger this code path may reduce impact.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart