PT-2025-40232 · Linux+3 · Linux Kernel+3
Published: 2023-03-20 · Updated: 2025-10-23
CVE-2023-53525
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.16.0-rc3-syzkaller
Description
The Linux kernel contains a flaw in the RDMA/cma subsystem. The fix allows only the UD qp type to join multicast and sets qkey to the default if it is not set, resolving an uninit-value error in which the ib->rec.qkey field is accessed without being initialized. This can lead to a kernel memory safety issue, as indicated by a KMSAN report showing an uninit-value error in cma_set_qkey and cma_make_mc_event. The issue occurs during multicast operations and involves the handling of the qkey field. The vulnerability is triggered in the rdma_join_multicast function.
Recommendations
Update to a version newer than 5.16.0-rc3-syzkaller.
Exploit
Fix
Use of Uninitialized Resource
Improper Initialization
Related Identifiers
Affected Products
Centos
Linux Kernel
Red Hat
Suse