CVE-2023-54028
Unknown Unknown - Not Provided
Use-After-Initialization Error in Linux RDMA RXE Causes Kernel Oops

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like rxe_init_task are not setup until rxe_qp_init_req(). If an error occurred before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. If rxe_init_task is not executed, rxe_cleanup_task will not be called.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54028
EUVD
EUVD-2025-205135
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's RDMA/rxe component. Specifically, during the creation of a queue pair (QP) in the function rxe_create_qp(), an initialization function rxe_qp_from_init() is called, but certain internal setups like rxe_init_task are not completed until a later function rxe_qp_init_req() is executed. If an error happens before rxe_qp_init_req() runs, the cleanup process calls rxe_cleanup_task(), which tries to access an uninitialized spinlock, causing a kernel oops (crash). This happens because the spinlock was never properly initialized due to the error occurring early in the setup sequence.

Impact Analysis

This vulnerability can cause the Linux kernel to crash (kernel oops) when an error occurs during the initialization of RDMA queue pairs. Such crashes can lead to system instability, potential denial of service, and disruption of services relying on RDMA functionality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54028. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart