CVE-2023-54015 — Signal Handler Race Condition in Linux

CWE-364 — Signal Handler Race Condition7 documents6 sources

Severity

5.7MEDIUM

No vector

EPSS

0.0%

top 89.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device In case devcom allocation is failed, mlx5 is always freeing the priv. However, this priv might have been allocated by a different thread, and freeing it might lead to use-after-free bugs. Fix it by freeing the priv only in case it was allocated by the running thread.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.0.0 — 5.4.244+4

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linuxfadd59fc50d010145f251db583c7ccef37393d19 — 3dfc1004d9afbf689087ae1eafd88f55481984c7+6

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-mx7v-5j4q-68wr: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device In case devcom a↗2025-12-24

▶

OSV

CVE-2023-54015: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device In case devcom all↗2025-12-24

▶

OSV

net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device↗2025-12-24

▶

Debian

CVE-2023-54015: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: D...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54015 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶