CVE-2023-53110

Severity: MEDIUM (CVSS 3.1 base score 5.5) · EPSS 5.4%
Published May 2, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()

When performing a stress test on SMC-R by rmmod mlx5_ib driver during the wrk/nginx test, we found that there is a probability of triggering a panic while terminating all link groups.

This issue is due to the race between smc_smcr_terminate_all() and smc_buf_create().

    smc_smcr_terminate_all               smc_buf_create
                                         /* init */
                                         conn->sndbuf_desc = NULL;
                                         ...

    __smc_lgr_terminate
      smc_conn_kill
        smc_close_abort
          smc_cdc_get_slot_and_msg_send

        __softirqentry_text_start
          smc_wr_tx_process_cqe
            smc_cdc_tx_handler
              READ(conn->sndbuf_desc->len);
              /* panic due to NULL sndbuf_desc */

                                         conn->sndbuf_desc = xxx;

This patch tries to fix the issue by always checking the sndbuf_desc before sending any cdc msg, to make sure that no null pointer is seen during cqe processing.

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 6

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥5.5 – <5.10.176
linux   linux_kernel  *        ≥5.11 – <5.15.104
linux   linux_kernel  *        ≥5.16 – <6.1.21
linux   linux_kernel  *        ≥6.2 – <6.2.8
linux   linux_kernel  6.3      any
linux   linux_kernel  6.3      any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/22a825c541d775c1dbe7b2402786025acad6727b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/31817c530768b0199771ec6019571b4f0ddbf230
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c270435db8aa34929263dddae8fd050f5216ecb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ebac7cf0a184a8102821a7a00203f02bebda83c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b108bd9e6be000492ebebe867daa699285978a10
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/22a825c541d775c1dbe7b2402786025acad6727b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/31817c530768b0199771ec6019571b4f0ddbf230
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c270435db8aa34929263dddae8fd050f5216ecb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3ebac7cf0a184a8102821a7a00203f02bebda83c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b108bd9e6be000492ebebe867daa699285978a10
    Patch