CVE-2023-54238
Unknown Unknown - Not Provided
Memory Leak in Linux mlx5 Driver During FIFO Resync Operation

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push During ptp resync operation SKBs were poped from the fifo but were never freed neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to properly free SKBs. Another leak was happening because mlx5e_skb_fifo_has_room() had an error in the check. Comparing free running counters works well unless C promotes the types to something wider than the counter. In this case counters are u16 but the result of the substraction is promouted to int and it causes wrong result (negative value) of the check when producer have already overlapped but consumer haven't yet. Explicit cast to u16 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-14
NVD
CVE-2023-54238
EUVD
EUVD-2023-60403
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's mlx5 driver involves a memory leak of socket buffers (SKBs) during the ptp resync operation. SKBs were removed from the fifo queue but were not properly freed, leading to a leak. Additionally, there was an error in the mlx5e_skb_fifo_has_room() function's check due to type promotion issues causing incorrect results when counters overlapped. The fix involved properly freeing SKBs with a call to napi_consume_skb and correcting the type casting to prevent the error.

Impact Analysis

This vulnerability can lead to memory leaks in the Linux kernel's network driver, which may cause increased memory usage and potentially degrade system performance or stability over time, especially under heavy network load or during ptp resync operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54238. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart