CVE-2023-54028
Use-After-Initialization Error in Linux RDMA RXE Causes Kernel Oops
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's RDMA/rxe component. Specifically, during the creation of a queue pair (QP) in the function rxe_create_qp(), an initialization function rxe_qp_from_init() is called, but certain internal setups like rxe_init_task are not completed until a later function rxe_qp_init_req() is executed. If an error happens before rxe_qp_init_req() runs, the cleanup process calls rxe_cleanup_task(), which tries to access an uninitialized spinlock, causing a kernel oops (crash). This happens because the spinlock was never properly initialized due to the error occurring early in the setup sequence.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash (kernel oops) when an error occurs during the initialization of RDMA queue pairs. Such crashes can lead to system instability, potential denial of service, and disruption of services relying on RDMA functionality.