PT-2025-40216 · Linux+4 · Linux Kernel+4

Published: 2023-01-03 · Updated: 2026-05-26 · CVE-2023-53509

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.4.182+ #202104120910+6d1da174272d.61x

Description

The Linux kernel contains a flaw within the qed driver related to the qed_mcp_trace_dump() function. The qed_mcp_cmd_and_union() function can cause delays exceeding 5 seconds when calling qed_mcp_nvm_rd_cmd(), potentially leading to thread scheduling delays. The issue arises because qed_mcp_trace_dump() is called from ethtool, where sleeping is permitted, but the necessary "can sleep" parameters were not propagated to related functions (qed_find_nvram_image() and qed_nvram_read()). This can result in threads becoming unresponsive for extended periods, as demonstrated by observed delays exceeding 700ms in production environments. The stack trace indicates the issue originates within the qed driver during an ethtool operation.

Recommendations

Update to Linux kernel version 4.4.182+ #202104120910+6d1da174272d.61x or a later version.

Exploit

Fix

Assertion Failure

Resource Exhaustion

Weakness Enumeration

Related Identifiers

AZL-75107
BDU:2025-12892
CVE-2023-53509
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1

Affected Products

Debian
Linux Kernel
Suse
Ethtool
Qed