CVE-2023-54148

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the net/mlx5e module related to the handling of neighbor information during ECMP (Equal-Cost Multipath) mode with IP tunnel encapsulation. Specifically, a use-after-free error can occur when an eswitch is unpaired (e.g., during driver unloading) and a peer rule from a peer eswitch is being deleted. This happens because the neighbor information is cleaned up prematurely in the uplink's profile disable function, before the profile cleanup tx function is called. The issue is triggered when accessing this already cleaned-up neighbor information. The bug manifests as a KASAN (Kernel Address Sanitizer) slab-use-after-free error, as indicated by the provided kernel logs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-54148

RHSA-2024:2394

RHSA-2024:3138

SUSE-SU-2026:0263-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

Affected Products

Centos

Linux Kernel

Red Hat

Mlx5E

CVE-2023-54148

Related Identifiers

Affected Products

References · 2093