CVE-2023-53398

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the mlx5 component related to potential use-after-free in the PTP (Precision Time Protocol) queue FIFO (First-In, First-Out) buffer. Insufficient checks on FIFO indexes during pop operations can lead to this issue, particularly during resynchronization actions. Out-of-order completion queue events (cqe) can also contribute to the problem by causing queue draining and a lack of FIFO pointer validation, specifically when the skb id falls outside the expected range between consumer and producer indexes. A warning mechanism (WARN ON ONCE) has been implemented to detect future occurrences.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.