CVE-2023-54048

EPSS 0.03%
Veröffentlicht 24.12.2025 12:22:58
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

RDMA/bnxt_re: Prevent handling any completions after qp destroy

In the Linux kernel, the following vulnerability has been resolved:

RDMA/bnxt_re: Prevent handling any completions after qp destroy

HW may generate completions that indicates QP is destroyed.
Driver should not be scheduling any more completion handlers
for this QP, after the QP is destroyed. Since CQs are active
during the QP destroy, driver may still schedule completion
handlers. This can cause a race where the destroy_cq and poll_cq
running simultaneously.

Snippet of kernel panic while doing bnxt_re driver load unload in loop.
This indicates a poll after the CQ is freed. 

[77786.481636] Call Trace:
[77786.481640]  <TASK>
[77786.481644]  bnxt_re_poll_cq+0x14a/0x620 [bnxt_re]
[77786.481658]  ? kvm_clock_read+0x14/0x30
[77786.481693]  __ib_process_cq+0x57/0x190 [ib_core]
[77786.481728]  ib_cq_poll_work+0x26/0x80 [ib_core]
[77786.481761]  process_one_work+0x1e5/0x3f0
[77786.481768]  worker_thread+0x50/0x3a0
[77786.481785]  ? __pfx_worker_thread+0x10/0x10
[77786.481790]  kthread+0xe2/0x110
[77786.481794]  ? __pfx_kthread+0x10/0x10
[77786.481797]  ret_from_fork+0x2c/0x50

To avoid this, complete all completion handlers before returning the
destroy QP. If free_cq is called soon after destroy_qp,  IB stack
will cancel the CQ work before invoking the destroy_cq verb and
this will prevent any race mentioned.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 1ac5a404797523cedaf424a3aaa3cf8f9548dff8

Version < b79a0e71d6e8692e0b6da05f8aaa7d69191cf7e7

Status affected

Version 1ac5a404797523cedaf424a3aaa3cf8f9548dff8

Version < b8500538b8f5b2cd86b02754c8de83eaa7a2d6ba

Status affected

Version 1ac5a404797523cedaf424a3aaa3cf8f9548dff8

Version < 7faa6097694164380ed19600c7a7993d071270b9

Status affected

Version 1ac5a404797523cedaf424a3aaa3cf8f9548dff8

Version < b5bbc6551297447d3cca55cf907079e206e9cd82

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.11

Status affected

Version 0

Version < 4.11

Status unaffected

Version <= 5.15.*

Version 5.15.124

Status unaffected

Version <= 6.1.*

Version 6.1.43

Status unaffected

Version <= 6.4.*

Version 6.4.8

Status unaffected

Version <= *

Version 6.5

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.099

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/b79a0e71d6e8692e0b6da05f8aaa7d69191cf7e7

https://git.kernel.org/stable/c/b8500538b8f5b2cd86b02754c8de83eaa7a2d6ba

https://git.kernel.org/stable/c/7faa6097694164380ed19600c7a7993d071270b9

https://git.kernel.org/stable/c/b5bbc6551297447d3cca55cf907079e206e9cd82

https://nvd.nist.gov/vuln/detail/CVE-2023-54048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54048

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-54048