Linux Kernel Vulnerability in QED Driver Allows Thread Blocking
CVE-2023-53509
What is CVE-2023-53509?
A vulnerability in the Linux kernel's QED driver causes excessive thread blocking due to improper command handling in the qed_mcp_cmd_and_union() function. This function can delay thread execution for over 5 seconds, resulting in severe thread scheduling delays, as evidenced by observed delays exceeding 700ms in production environments. The issue arises while executing qed_mcp_trace_dump(), which is called from ethtool. Adjustments in the code have been made to allow specific functions to sleep, alleviating the scheduling burdens and improving overall system performance.
Affected Version(s)
Linux c965db44462919f613973aa618271f6c3f5a1e64
Linux c965db44462919f613973aa618271f6c3f5a1e64 < 50c81b35df01db12b348c5cbf4b1917dc9a7db54
Linux c965db44462919f613973aa618271f6c3f5a1e64 < 5401c3e0992860b11fb4b25796e4c4f1921740df