CVE-2023-53581: Race Condition in Linux

CWE-362: Race Condition | 5 documents | 5 sources
Severity: 4.7 MEDIUM (NVD)
EPSS: 0.0% (top 98.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 4

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Check for NOT_READY flag state after locking

Currently the check for NOT_READY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is concurrently removed from unready_flows list by the workqueue task, which causes a double-removal from the list and a crash[0]. Fix the issue by moving the flag check inside the section protected by uplink_priv->unready_flow
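The ordering problem the description names, as an added example that is not the kernel's code: a user-space C model, with hypothetical names throughout, that replays the interleaving in a single thread (flag sampled before the lock, the concurrent task removes the flow, then the caller removes it) and compares it with testing the flag while the lock is held.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>
/* User-space model only; every name here is hypothetical, not mlx5e code. */
struct node { struct node *prev, *next; };
struct flow { struct node entry; bool not_ready; };
static struct node unready_list;
static pthread_mutex_t unready_lock = PTHREAD_MUTEX_INITIALIZER;
static int double_removals;
static void list_del(struct node *n)
{
    if (n->next == NULL) { double_removals++; return; } /* already unlinked */
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->prev = n->next = NULL; /* poison so a second removal is detectable */
}
/* Fixed ordering: the flag is tested only while the list lock is held. */
static void remove_checked_under_lock(struct flow *f)
{
    pthread_mutex_lock(&unready_lock);
    if (f->not_ready) {
        f->not_ready = false;
        list_del(&f->entry);
    }
    pthread_mutex_unlock(&unready_lock);
}
/* Racy ordering: acts on a flag value sampled before the lock was taken. */
static void remove_with_stale_check(struct flow *f, bool seen_before_lock)
{
    if (!seen_before_lock) return;
    pthread_mutex_lock(&unready_lock);
    f->not_ready = false;
    list_del(&f->entry);
    pthread_mutex_unlock(&unready_lock);
}

/* Replays the interleaving; returns how many double removals occurred. */
int replay(bool fixed)
{
    struct flow f = { { &unready_list, &unready_list }, true };
    unready_list.prev = unready_list.next = &f.entry;
    double_removals = 0;
    bool seen = f.not_ready;        /* unlocked read (racy variant only) */
    remove_checked_under_lock(&f);  /* models the concurrent task winning */
    if (fixed) remove_checked_under_lock(&f);
    else remove_with_stale_check(&f, seen);
    return double_removals;
}
int main(void) { return (replay(false) == 1 && replay(true) == 0) ? 0 : 1; }
```

In the model the second removal is only counted; on a real kernel list it is the double-removal and crash the description refers to.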

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 5.4 | 5.10.188 | +4
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | ad86755b18d5edf1956f6d25c844f27289216877 | 30c281a77fb1b2d362030ea243dd663201d62a21 | +5
debian | debian/linux | < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (2)

GHSA | GHSA-r2h4-q9gr-p93h: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOT_READY flag state after locking Currently the check for | 2025-10-04
OSV | CVE-2023-53581: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOT_READY flag state after locking Currently the check for NO | 2025-10-04

📋 Vendor Advisories (2)

Red Hat | kernel: net/mlx5e: Check for NOT_READY flag state after locking | 2025-10-04
Debian | CVE-2023-53581: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ... | 2023