CVE-2023-53539
BaseFortify
Publication date: 2025-10-04
Last updated on: 2026-03-21
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 4.8 |
| linux | linux_kernel | From 6.5 (inc) to 6.5.3 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.4.16 (exc) |
| linux | linux_kernel | From 4.8.1 (inc) to 6.1.53 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's RDMA rxe_requester component. When a send packet is dropped by the IP layer, the system tries to resend the packet by restoring the state of the work queue element (wqe) to its state before sending. However, the code that saves and restores this state misses an important part called the dma struct, which is used to process data through the scatter-gather entry (sge) table. Because the dma struct is not properly saved and restored, resent packets can become corrupted under heavy load conditions. This patch fixes the issue by correctly saving and restoring the dma struct state.
How can this vulnerability impact me?
This vulnerability can cause data corruption in resent packets when the system is under heavy stress with many queue pairs sending large messages. This means that communication over RDMA using the rxe_requester may be unreliable, leading to corrupted data being transmitted, which can affect the integrity and reliability of applications relying on this communication.
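The incomplete save and restore described in the first answer can be reproduced in a small user-space model. This is an added example, not kernel code: the struct and field names, the two-entry sge table and the 4-byte packet size are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model: struct and field names are illustrative assumptions. */
struct sge { const char *addr; size_t len; };
struct dma_state {          /* cursor into the scatter-gather table */
    size_t cur_sge;         /* index of the sge being read */
    size_t sge_offset;      /* bytes already consumed from that sge */
    size_t resid;           /* bytes of the message still unsent */
};
struct wqe { unsigned psn; struct dma_state dma; struct sge sgl[2]; };

/* Copy up to mtu payload bytes into pkt, advancing psn and the dma cursor. */
static size_t build_packet(struct wqe *w, char *pkt, size_t mtu)
{
    size_t n = 0;
    while (n < mtu && w->dma.resid > 0) {
        const struct sge *s = &w->sgl[w->dma.cur_sge];
        size_t chunk = s->len - w->dma.sge_offset;
        if (chunk > mtu - n) chunk = mtu - n;
        memcpy(pkt + n, s->addr + w->dma.sge_offset, chunk);
        n += chunk;
        w->dma.resid -= chunk;
        w->dma.sge_offset += chunk;
        if (w->dma.sge_offset == s->len) { w->dma.cur_sge++; w->dma.sge_offset = 0; }
    }
    w->psn++;
    return n;
}

/* Build a packet, treat it as dropped, roll back, rebuild. save_dma == 0 models
 * the incomplete save, 1 the fix. Returns 1 if the resent payload is unchanged. */
static int resend_matches(int save_dma)
{
    struct wqe w = { 100, { 0, 0, 12 }, { { "AAAAAA", 6 }, { "BBBBBB", 6 } } };
    struct wqe before = w;              /* full pre-send snapshot (constructed data) */
    char first[4], again[4];
    build_packet(&w, first, sizeof first);
    w.psn = before.psn;                 /* both variants restore the psn */
    if (save_dma) w.dma = before.dma;   /* only the fix restores the cursor */
    build_packet(&w, again, sizeof again);
    return memcmp(first, again, sizeof first) == 0;
}

int main(void)
{
    printf("incomplete: %d, full: %d\n", resend_matches(0), resend_matches(1));
    return 0;
}
```

With the cursor left un-restored, the resend carries the original sequence number but reads from the advanced position in the sge table, so the receiver accepts a payload that differs from the one first built.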