CVE-2023-53398Use After Free in Linux

CWE-416Use After FreeCWE-1285Improper Validation of Specified Index, Position, or Offset in Input5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARN_ON_ONCE covers future cases. There were out-of-order cqe spotted which lead to drain of the queue and use-after-free because of lack of fifo pointers check. Special check and counter are added to avoid resyn

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel6.06.1.18+1
Debianlinux/linux_kernel< 6.1.20-1+2
CVEListV5linux/linux58a518948f60153e8f6cb8361d2712aa3a1af94a52e6e7a0bc04c85012a9251c7cf2d444a77eb966+3
debiandebian/linux< linux 6.1.20-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-89x9-fp8h-wm3w: In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked du2025-09-18
OSV
CVE-2023-53398: In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked duri2025-09-18

📋Vendor Advisories

2
Red Hat
kernel: mlx5: fix possible ptp queue fifo use-after-free2025-09-18
Debian
CVE-2023-53398: linux - In the Linux kernel, the following vulnerability has been resolved: mlx5: fix p...2023
CVE-2023-53398 — Use After Free in Linux | cvebase