cvelistv5 - cve-2023-54274

CVE-2023-54274 (GCVE-0-2023-54274)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:16 – Updated: 2025-12-30 12:16

Title

RDMA/srpt: Add a check for valid 'mad_agent' pointer

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Add a check for valid 'mad_agent' pointer When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad_agent' variable holds an error value. The 'mad_agent' can have an error value for a short window when srpt_add_one() and srpt_remove_one() is executed simultaneously. In srpt module, added a valid pointer check for 'sport->mad_agent' before unregistering MAD agent. This issue can hit when RoCE driver unregisters ib_device Stack Trace: ------------ BUG: kernel NULL pointer dereference, address: 000000000000004d PGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P Hardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020 Workqueue: bnxt_re bnxt_re_task [bnxt_re] RIP: 0010:_raw_spin_lock_irqsave+0x19/0x40 Call Trace: ib_unregister_mad_agent+0x46/0x2f0 [ib_core] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready ? __schedule+0x20b/0x560 srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt] srpt_remove_one+0x20/0x150 [ib_srpt] remove_client_context+0x88/0xd0 [ib_core] bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex disable_device+0x8a/0x160 [ib_core] bond0: active interface up! ? kernfs_name_hash+0x12/0x80 (NULL device *): Bonding Info Received: rdev: 000000006c0b8247 __ib_unregister_device+0x42/0xb0 [ib_core] (NULL device *): Master: mode: 4 num_slaves:2 ib_unregister_device+0x22/0x30 [ib_core] (NULL device *): Slave: id: 105069936 name:p2p1 link:0 state:0 bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re] bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8ec6acdb9b6a80eeb…
	https://git.kernel.org/stable/c/00cc21e32ea1b8ebb…
	https://git.kernel.org/stable/c/4323aaedeba32076e…
	https://git.kernel.org/stable/c/5f6ef2a574b0e0e0e…
	https://git.kernel.org/stable/c/b713623bfef8cb1df…
	https://git.kernel.org/stable/c/eca5cd9474cd26d62…

Impacted products

Vendor

Product

Version

Linux

Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < 8ec6acdb9b6a80eeb13e778dfedb5d72a88f14fe (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < 00cc21e32ea1b8ebbabf5d645da9378d986bf8ba (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < 4323aaedeba32076e652aad056afd7885bb96bb7 (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < 5f6ef2a574b0e0e0ea46ed0022575442df9d0bf9 (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < b713623bfef8cb1df9c769a3887fa10db63d1c54 (git)
Affected: a42d985bd5b234da8b61347a78dc3057bf7bb94d , < eca5cd9474cd26d62f9756f536e2e656d3f62f3a (git)

Linux

Affected: 3.3
Unaffected: 0 , < 3.3 (semver)
Unaffected: 5.10.180 , ≤ 5.10.* (semver)
Unaffected: 5.15.111 , ≤ 5.15.* (semver)
Unaffected: 6.1.28 , ≤ 6.1.* (semver)
Unaffected: 6.2.15 , ≤ 6.2.* (semver)
Unaffected: 6.3.2 , ≤ 6.3.* (semver)
Unaffected: 6.4 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/srpt/ib_srpt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8ec6acdb9b6a80eeb13e778dfedb5d72a88f14fe",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "00cc21e32ea1b8ebbabf5d645da9378d986bf8ba",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "4323aaedeba32076e652aad056afd7885bb96bb7",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "5f6ef2a574b0e0e0ea46ed0022575442df9d0bf9",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "b713623bfef8cb1df9c769a3887fa10db63d1c54",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            },
            {
              "lessThan": "eca5cd9474cd26d62f9756f536e2e656d3f62f3a",
              "status": "affected",
              "version": "a42d985bd5b234da8b61347a78dc3057bf7bb94d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/ulp/srpt/ib_srpt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "lessThan": "3.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.180",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.111",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.28",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.15",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.2",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Add a check for valid \u0027mad_agent\u0027 pointer\n\nWhen unregistering MAD agent, srpt module has a non-null check\nfor \u0027mad_agent\u0027 pointer before invoking ib_unregister_mad_agent().\nThis check can pass if \u0027mad_agent\u0027 variable holds an error value.\nThe \u0027mad_agent\u0027 can have an error value for a short window when\nsrpt_add_one() and srpt_remove_one() is executed simultaneously.\n\nIn srpt module, added a valid pointer check for \u0027sport-\u003emad_agent\u0027\nbefore unregistering MAD agent.\n\nThis issue can hit when RoCE driver unregisters ib_device\n\nStack Trace:\n------------\nBUG: kernel NULL pointer dereference, address: 000000000000004d\nPGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P\nHardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020\nWorkqueue: bnxt_re bnxt_re_task [bnxt_re]\nRIP: 0010:_raw_spin_lock_irqsave+0x19/0x40\nCall Trace:\n  ib_unregister_mad_agent+0x46/0x2f0 [ib_core]\n  IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready\n  ? __schedule+0x20b/0x560\n  srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt]\n  srpt_remove_one+0x20/0x150 [ib_srpt]\n  remove_client_context+0x88/0xd0 [ib_core]\n  bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex\n  disable_device+0x8a/0x160 [ib_core]\n  bond0: active interface up!\n  ? kernfs_name_hash+0x12/0x80\n (NULL device *): Bonding Info Received: rdev: 000000006c0b8247\n  __ib_unregister_device+0x42/0xb0 [ib_core]\n (NULL device *):         Master: mode: 4 num_slaves:2\n  ib_unregister_device+0x22/0x30 [ib_core]\n (NULL device *):         Slave: id: 105069936 name:p2p1 link:0 state:0\n  bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re]\n  bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:16:03.696Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8ec6acdb9b6a80eeb13e778dfedb5d72a88f14fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/00cc21e32ea1b8ebbabf5d645da9378d986bf8ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/4323aaedeba32076e652aad056afd7885bb96bb7"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f6ef2a574b0e0e0ea46ed0022575442df9d0bf9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b713623bfef8cb1df9c769a3887fa10db63d1c54"
        },
        {
          "url": "https://git.kernel.org/stable/c/eca5cd9474cd26d62f9756f536e2e656d3f62f3a"
        }
      ],
      "title": "RDMA/srpt: Add a check for valid \u0027mad_agent\u0027 pointer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54274",
    "datePublished": "2025-12-30T12:16:03.696Z",
    "dateReserved": "2025-12-30T12:06:44.523Z",
    "dateUpdated": "2025-12-30T12:16:03.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54274\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:16.327\",\"lastModified\":\"2025-12-31T20:42:43.210\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/srpt: Add a check for valid \u0027mad_agent\u0027 pointer\\n\\nWhen unregistering MAD agent, srpt module has a non-null check\\nfor \u0027mad_agent\u0027 pointer before invoking ib_unregister_mad_agent().\\nThis check can pass if \u0027mad_agent\u0027 variable holds an error value.\\nThe \u0027mad_agent\u0027 can have an error value for a short window when\\nsrpt_add_one() and srpt_remove_one() is executed simultaneously.\\n\\nIn srpt module, added a valid pointer check for \u0027sport-\u003emad_agent\u0027\\nbefore unregistering MAD agent.\\n\\nThis issue can hit when RoCE driver unregisters ib_device\\n\\nStack Trace:\\n------------\\nBUG: kernel NULL pointer dereference, address: 000000000000004d\\nPGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0\\nOops: 0002 [#1] PREEMPT SMP NOPTI\\nCPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P\\nHardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020\\nWorkqueue: bnxt_re bnxt_re_task [bnxt_re]\\nRIP: 0010:_raw_spin_lock_irqsave+0x19/0x40\\nCall Trace:\\n  ib_unregister_mad_agent+0x46/0x2f0 [ib_core]\\n  IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready\\n  ? __schedule+0x20b/0x560\\n  srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt]\\n  srpt_remove_one+0x20/0x150 [ib_srpt]\\n  remove_client_context+0x88/0xd0 [ib_core]\\n  bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex\\n  disable_device+0x8a/0x160 [ib_core]\\n  bond0: active interface up!\\n  ? kernfs_name_hash+0x12/0x80\\n (NULL device *): Bonding Info Received: rdev: 000000006c0b8247\\n  __ib_unregister_device+0x42/0xb0 [ib_core]\\n (NULL device *):         Master: mode: 4 num_slaves:2\\n  ib_unregister_device+0x22/0x30 [ib_core]\\n (NULL device *):         Slave: id: 105069936 name:p2p1 link:0 state:0\\n  bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re]\\n  bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/00cc21e32ea1b8ebbabf5d645da9378d986bf8ba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4323aaedeba32076e652aad056afd7885bb96bb7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5f6ef2a574b0e0e0ea46ed0022575442df9d0bf9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8ec6acdb9b6a80eeb13e778dfedb5d72a88f14fe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b713623bfef8cb1df9c769a3887fa10db63d1c54\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/eca5cd9474cd26d62f9756f536e2e656d3f62f3a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

FKIE_CVE-2023-54274

Vulnerability from fkie_nvd - Published: 2025-12-30 13:16 - Updated: 2025-12-31 20:42

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/00cc21e32ea1b8ebbabf5d645da9378d986bf8ba
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4323aaedeba32076e652aad056afd7885bb96bb7
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/5f6ef2a574b0e0e0ea46ed0022575442df9d0bf9
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8ec6acdb9b6a80eeb13e778dfedb5d72a88f14fe
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/b713623bfef8cb1df9c769a3887fa10db63d1c54
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/eca5cd9474cd26d62f9756f536e2e656d3f62f3a

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Add a check for valid \u0027mad_agent\u0027 pointer\n\nWhen unregistering MAD agent, srpt module has a non-null check\nfor \u0027mad_agent\u0027 pointer before invoking ib_unregister_mad_agent().\nThis check can pass if \u0027mad_agent\u0027 variable holds an error value.\nThe \u0027mad_agent\u0027 can have an error value for a short window when\nsrpt_add_one() and srpt_remove_one() is executed simultaneously.\n\nIn srpt module, added a valid pointer check for \u0027sport-\u003emad_agent\u0027\nbefore unregistering MAD agent.\n\nThis issue can hit when RoCE driver unregisters ib_device\n\nStack Trace:\n------------\nBUG: kernel NULL pointer dereference, address: 000000000000004d\nPGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P\nHardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020\nWorkqueue: bnxt_re bnxt_re_task [bnxt_re]\nRIP: 0010:_raw_spin_lock_irqsave+0x19/0x40\nCall Trace:\n  ib_unregister_mad_agent+0x46/0x2f0 [ib_core]\n  IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready\n  ? __schedule+0x20b/0x560\n  srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt]\n  srpt_remove_one+0x20/0x150 [ib_srpt]\n  remove_client_context+0x88/0xd0 [ib_core]\n  bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex\n  disable_device+0x8a/0x160 [ib_core]\n  bond0: active interface up!\n  ? kernfs_name_hash+0x12/0x80\n (NULL device *): Bonding Info Received: rdev: 000000006c0b8247\n  __ib_unregister_device+0x42/0xb0 [ib_core]\n (NULL device *):         Master: mode: 4 num_slaves:2\n  ib_unregister_device+0x22/0x30 [ib_core]\n (NULL device *):         Slave: id: 105069936 name:p2p1 link:0 state:0\n  bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re]\n  bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]"
    }
  ],
  "id": "CVE-2023-54274",
  "lastModified": "2025-12-31T20:42:43.210",
  "metrics": {},
  "published": "2025-12-30T13:16:16.327",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/00cc21e32ea1b8ebbabf5d645da9378d986bf8ba"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4323aaedeba32076e652aad056afd7885bb96bb7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5f6ef2a574b0e0e0ea46ed0022575442df9d0bf9"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8ec6acdb9b6a80eeb13e778dfedb5d72a88f14fe"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/b713623bfef8cb1df9c769a3887fa10db63d1c54"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/eca5cd9474cd26d62f9756f536e2e656d3f62f3a"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

GHSA-JWMJ-482Q-J9C2

Vulnerability from github – Published: 2025-12-30 15:30 – Updated: 2025-12-30 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/srpt: Add a check for valid 'mad_agent' pointer

When unregistering MAD agent, srpt module has a non-null check for 'mad_agent' pointer before invoking ib_unregister_mad_agent(). This check can pass if 'mad_agent' variable holds an error value. The 'mad_agent' can have an error value for a short window when srpt_add_one() and srpt_remove_one() is executed simultaneously.

In srpt module, added a valid pointer check for 'sport->mad_agent' before unregistering MAD agent.

This issue can hit when RoCE driver unregisters ib_device

Stack Trace:

BUG: kernel NULL pointer dereference, address: 000000000000004d PGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P Hardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020 Workqueue: bnxt_re bnxt_re_task [bnxt_re] RIP: 0010:_raw_spin_lock_irqsave+0x19/0x40 Call Trace: ib_unregister_mad_agent+0x46/0x2f0 [ib_core] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready ? __schedule+0x20b/0x560 srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt] srpt_remove_one+0x20/0x150 [ib_srpt] remove_client_context+0x88/0xd0 [ib_core] bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex disable_device+0x8a/0x160 [ib_core] bond0: active interface up! ? kernfs_name_hash+0x12/0x80 (NULL device ): Bonding Info Received: rdev: 000000006c0b8247 __ib_unregister_device+0x42/0xb0 [ib_core] (NULL device ): Master: mode: 4 num_slaves:2 ib_unregister_device+0x22/0x30 [ib_core] (NULL device *): Slave: id: 105069936 name:p2p1 link:0 state:0 bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re] bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-54274"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-30T13:16:16Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Add a check for valid \u0027mad_agent\u0027 pointer\n\nWhen unregistering MAD agent, srpt module has a non-null check\nfor \u0027mad_agent\u0027 pointer before invoking ib_unregister_mad_agent().\nThis check can pass if \u0027mad_agent\u0027 variable holds an error value.\nThe \u0027mad_agent\u0027 can have an error value for a short window when\nsrpt_add_one() and srpt_remove_one() is executed simultaneously.\n\nIn srpt module, added a valid pointer check for \u0027sport-\u003emad_agent\u0027\nbefore unregistering MAD agent.\n\nThis issue can hit when RoCE driver unregisters ib_device\n\nStack Trace:\n------------\nBUG: kernel NULL pointer dereference, address: 000000000000004d\nPGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P\nHardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020\nWorkqueue: bnxt_re bnxt_re_task [bnxt_re]\nRIP: 0010:_raw_spin_lock_irqsave+0x19/0x40\nCall Trace:\n  ib_unregister_mad_agent+0x46/0x2f0 [ib_core]\n  IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready\n  ? __schedule+0x20b/0x560\n  srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt]\n  srpt_remove_one+0x20/0x150 [ib_srpt]\n  remove_client_context+0x88/0xd0 [ib_core]\n  bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex\n  disable_device+0x8a/0x160 [ib_core]\n  bond0: active interface up!\n  ? kernfs_name_hash+0x12/0x80\n (NULL device *): Bonding Info Received: rdev: 000000006c0b8247\n  __ib_unregister_device+0x42/0xb0 [ib_core]\n (NULL device *):         Master: mode: 4 num_slaves:2\n  ib_unregister_device+0x22/0x30 [ib_core]\n (NULL device *):         Slave: id: 105069936 name:p2p1 link:0 state:0\n  bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re]\n  bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]",
  "id": "GHSA-jwmj-482q-j9c2",
  "modified": "2025-12-30T15:30:34Z",
  "published": "2025-12-30T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54274"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/00cc21e32ea1b8ebbabf5d645da9378d986bf8ba"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4323aaedeba32076e652aad056afd7885bb96bb7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f6ef2a574b0e0e0ea46ed0022575442df9d0bf9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ec6acdb9b6a80eeb13e778dfedb5d72a88f14fe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b713623bfef8cb1df9c769a3887fa10db63d1c54"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eca5cd9474cd26d62f9756f536e2e656d3f62f3a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-54274 (GCVE-0-2023-54274)

FKIE_CVE-2023-54274

GHSA-JWMJ-482Q-J9C2

Stack Trace:

Tags

Sightings

Nomenclature