CVE-2023-54302Improper Locking in Linux

CWE-667Improper Locking7 documents6 sources
Severity
5.9MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is read lockesly in irdma_wait_event and irdma_check_cqp_progress while it can be updated in the completion thread irdma_sc_ccq_get_cqe_info on another CPU as KCSAN reports. Make completion statistics an atomic variable to reflect coherent updates to it. This will also avoid load/store tearing logic bug potentially possible by compiler optimizations.

Affected Packages4 packages

Linuxlinux/linux_kernel5.14.05.15.124+2
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux915cc7ac0f8e2a23675ee896e87f17c7d3c47089bf0f9f65b7fe36ea9d2e23263dcefc90255d7b1f+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54302: In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is rea2025-12-30
OSV
RDMA/irdma: Fix data race on CQP completion stats2025-12-30
GHSA
GHSA-h862-m8hq-w46v: In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is r2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: RDMA/irdma: Fix data race on CQP completion stats2025-12-30
Debian
CVE-2023-54302: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma:...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54302 Impact, Exploitability, and Mitigation Steps | Wiz