CVE-2023-54302

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a data race condition within the RDMA/irdma subsystem, specifically concerning CQP (Completion Queue Pair) completion statistics. The issue arises because completion statistics are read while potentially being updated concurrently by a different CPU, as reported by KCSAN. This can lead to inconsistencies and potential data corruption. The fix involves making completion statistics an atomic variable to ensure coherent updates and prevent load/store tearing caused by compiler optimizations. The data race was observed in functions such as irdma sc ccq get cqe info, irdma cqp ce handler, and irdma handle cqp op.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.