Buffer Assignment Error in Linux Kernel Affecting Mellanox ConnectX-4
CVE-2023-53382
What is CVE-2023-53382?
A vulnerability in the Linux kernel related to the SMC (Soft Multi-Channel) protocol leads to a crash when utilizing SMCRv2 with Mellanox ConnectX-4 devices. During the CLC (Connection Establishment Protocol) handshake, if an error occurs in buffer assignment after attempting to use an SMCRv2 device, the connection resources are not properly reset. When the system subsequently tries to establish a connection using an SMCRv1 device, it mistakenly retains references to the previous SMCRv2 link, which leads to a NULL pointer dereference and causes the kernel to crash. This issue underscores the importance of properly managing transition states between different connection protocols.
Affected Version(s)
Linux e49300a6bf6218c835403545e9356141a6340181 < 9540765d1882d15497d880096de99fafabcfa08c
Linux e49300a6bf6218c835403545e9356141a6340181
Linux e49300a6bf6218c835403545e9356141a6340181 < 35112271672ae98f45df7875244a4e33aa215e31