Use-after-free Vulnerability in Linux Kernel Affects Mellanox Devices
CVE-2023-53398
What is CVE-2023-53398?
A vulnerability in the Linux kernel was discovered that can lead to a use-after-free condition in Mellanox devices. This issue arises when FIFO indexes are not properly validated during pop operations, particularly during a re-sync action. If a queue is empty, the lack of checks can result in unintended memory access, enabling potential exploitation. To mitigate this, specific checks and counters have been implemented to prevent the resync operation from occurring if the socket buffer (SKB) cannot exist in the FIFO due to out-of-order complete queue entries (CQE), ensuring proper management of FIFO pointers.
Affected Version(s)
Linux 58a518948f60153e8f6cb8361d2712aa3a1af94a < 52e6e7a0bc04c85012a9251c7cf2d444a77eb966
Linux 58a518948f60153e8f6cb8361d2712aa3a1af94a < 6afdedc4e66e3846ce497744f01b95c34bf39d21
Linux 58a518948f60153e8f6cb8361d2712aa3a1af94a < 3a50cf1e8e5157b82268eee7e330dbe5736a0948