PT-2025-38373 · Linux+6 · Linux Kernel+6

Published: 2023-04-24 · Updated: 2026-03-13 · CVE-2023-53394

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's net/mlx5e component related to XSK sockets. When a regular receive queue (rq) is reactivated after an XSK socket is closed, it may read stale completion queue entries (cqes), leading to corruption of the rq. This can result in traffic loss on the regular rq and a system crash when the rq is subsequently closed or deactivated. The issue was reported as a crash observed when stopping and restarting the xdpsock sample program while traffic is active. The patch resolves this by flushing all cqes during the rq flush; the mlx5e_rq_to_ready code is moved into the flush function to make this possible.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2026-03278
CVE-2023-53394
ECHO-9C37-FC5E-D30B
RHSA-2024:2394
RHSA-2024_2394
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Astra Linux
Debian
Linux Kernel
Red Hat
Suse
Mlx5E
Xdpsock