CVE-2023-54318 (GCVE-0-2023-54318)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:23 – Updated: 2025-12-30 12:23
VLAI?
Title
net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add
Summary
In the Linux kernel, the following vulnerability has been resolved: net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add While doing smcr_port_add, there maybe linkgroup add into or delete from smc_lgr_list.list at the same time, which may result kernel crash. So, use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add. The crash calltrace show below: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 0 PID: 559726 Comm: kworker/0:92 Kdump: loaded Tainted: G Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014 Workqueue: events smc_ib_port_event_work [smc] RIP: 0010:smcr_port_add+0xa6/0xf0 [smc] RSP: 0000:ffffa5a2c8f67de0 EFLAGS: 00010297 RAX: 0000000000000001 RBX: ffff9935e0650000 RCX: 0000000000000000 RDX: 0000000000000010 RSI: ffff9935e0654290 RDI: ffff9935c8560000 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff9934c0401918 R10: 0000000000000000 R11: ffffffffb4a5c278 R12: ffff99364029aae4 R13: ffff99364029aa00 R14: 00000000ffffffed R15: ffff99364029ab08 FS: 0000000000000000(0000) GS:ffff994380600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000f06a10003 CR4: 0000000002770ef0 PKRU: 55555554 Call Trace: smc_ib_port_event_work+0x18f/0x380 [smc] process_one_work+0x19b/0x340 worker_thread+0x30/0x370 ? process_one_work+0x340/0x340 kthread+0x114/0x130 ? __kthread_cancel_work+0x50/0x50 ret_from_fork+0x1f/0x30
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 1f90a05d9ff907c70456e7c9d7058372679a88c6 , < d1c6c93c27a4bf48006ab16cd9b38d85559d7645 (git)
Affected: 1f90a05d9ff907c70456e7c9d7058372679a88c6 , < 06b4934ab2b534bb92935c7601852066ebb9eab8 (git)
Affected: 1f90a05d9ff907c70456e7c9d7058372679a88c6 , < 70c8d17007dc4a07156b7da44509527990e569b3 (git)
Affected: 1f90a05d9ff907c70456e7c9d7058372679a88c6 , < b717463610a27fc0b58484cfead7a623d5913e61 (git)
Affected: 1f90a05d9ff907c70456e7c9d7058372679a88c6 , < f5146e3ef0a9eea405874b36178c19a4863b8989 (git)
Create a notification for this product.
    Linux Linux Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.195 , ≤ 5.10.* (semver)
Unaffected: 5.15.132 , ≤ 5.15.* (semver)
Unaffected: 6.1.54 , ≤ 6.1.* (semver)
Unaffected: 6.5.4 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/smc/smc_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d1c6c93c27a4bf48006ab16cd9b38d85559d7645",
              "status": "affected",
              "version": "1f90a05d9ff907c70456e7c9d7058372679a88c6",
              "versionType": "git"
            },
            {
              "lessThan": "06b4934ab2b534bb92935c7601852066ebb9eab8",
              "status": "affected",
              "version": "1f90a05d9ff907c70456e7c9d7058372679a88c6",
              "versionType": "git"
            },
            {
              "lessThan": "70c8d17007dc4a07156b7da44509527990e569b3",
              "status": "affected",
              "version": "1f90a05d9ff907c70456e7c9d7058372679a88c6",
              "versionType": "git"
            },
            {
              "lessThan": "b717463610a27fc0b58484cfead7a623d5913e61",
              "status": "affected",
              "version": "1f90a05d9ff907c70456e7c9d7058372679a88c6",
              "versionType": "git"
            },
            {
              "lessThan": "f5146e3ef0a9eea405874b36178c19a4863b8989",
              "status": "affected",
              "version": "1f90a05d9ff907c70456e7c9d7058372679a88c6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/smc/smc_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.132",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.195",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.132",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.54",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.4",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add\n\nWhile doing smcr_port_add, there maybe linkgroup add into or delete\nfrom smc_lgr_list.list at the same time, which may result kernel crash.\nSo, use smc_lgr_list.lock to protect smc_lgr_list.list iterate in\nsmcr_port_add.\n\nThe crash calltrace show below:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 0 PID: 559726 Comm: kworker/0:92 Kdump: loaded Tainted: G\nHardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014\nWorkqueue: events smc_ib_port_event_work [smc]\nRIP: 0010:smcr_port_add+0xa6/0xf0 [smc]\nRSP: 0000:ffffa5a2c8f67de0 EFLAGS: 00010297\nRAX: 0000000000000001 RBX: ffff9935e0650000 RCX: 0000000000000000\nRDX: 0000000000000010 RSI: ffff9935e0654290 RDI: ffff9935c8560000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffff9934c0401918\nR10: 0000000000000000 R11: ffffffffb4a5c278 R12: ffff99364029aae4\nR13: ffff99364029aa00 R14: 00000000ffffffed R15: ffff99364029ab08\nFS:  0000000000000000(0000) GS:ffff994380600000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 0000000f06a10003 CR4: 0000000002770ef0\nPKRU: 55555554\nCall Trace:\n smc_ib_port_event_work+0x18f/0x380 [smc]\n process_one_work+0x19b/0x340\n worker_thread+0x30/0x370\n ? process_one_work+0x340/0x340\n kthread+0x114/0x130\n ? __kthread_cancel_work+0x50/0x50\n ret_from_fork+0x1f/0x30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:23:48.134Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d1c6c93c27a4bf48006ab16cd9b38d85559d7645"
        },
        {
          "url": "https://git.kernel.org/stable/c/06b4934ab2b534bb92935c7601852066ebb9eab8"
        },
        {
          "url": "https://git.kernel.org/stable/c/70c8d17007dc4a07156b7da44509527990e569b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b717463610a27fc0b58484cfead7a623d5913e61"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5146e3ef0a9eea405874b36178c19a4863b8989"
        }
      ],
      "title": "net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54318",
    "datePublished": "2025-12-30T12:23:48.134Z",
    "dateReserved": "2025-12-30T12:06:44.531Z",
    "dateUpdated": "2025-12-30T12:23:48.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-54318\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:21.090\",\"lastModified\":\"2025-12-30T13:16:21.090\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add\\n\\nWhile doing smcr_port_add, there maybe linkgroup add into or delete\\nfrom smc_lgr_list.list at the same time, which may result kernel crash.\\nSo, use smc_lgr_list.lock to protect smc_lgr_list.list iterate in\\nsmcr_port_add.\\n\\nThe crash calltrace show below:\\nBUG: kernel NULL pointer dereference, address: 0000000000000000\\nPGD 0 P4D 0\\nOops: 0000 [#1] SMP NOPTI\\nCPU: 0 PID: 559726 Comm: kworker/0:92 Kdump: loaded Tainted: G\\nHardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014\\nWorkqueue: events smc_ib_port_event_work [smc]\\nRIP: 0010:smcr_port_add+0xa6/0xf0 [smc]\\nRSP: 0000:ffffa5a2c8f67de0 EFLAGS: 00010297\\nRAX: 0000000000000001 RBX: ffff9935e0650000 RCX: 0000000000000000\\nRDX: 0000000000000010 RSI: ffff9935e0654290 RDI: ffff9935c8560000\\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffff9934c0401918\\nR10: 0000000000000000 R11: ffffffffb4a5c278 R12: ffff99364029aae4\\nR13: ffff99364029aa00 R14: 00000000ffffffed R15: ffff99364029ab08\\nFS:  0000000000000000(0000) GS:ffff994380600000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 0000000000000000 CR3: 0000000f06a10003 CR4: 0000000002770ef0\\nPKRU: 55555554\\nCall Trace:\\n smc_ib_port_event_work+0x18f/0x380 [smc]\\n process_one_work+0x19b/0x340\\n worker_thread+0x30/0x370\\n ? process_one_work+0x340/0x340\\n kthread+0x114/0x130\\n ? __kthread_cancel_work+0x50/0x50\\n ret_from_fork+0x1f/0x30\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/06b4934ab2b534bb92935c7601852066ebb9eab8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/70c8d17007dc4a07156b7da44509527990e569b3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b717463610a27fc0b58484cfead7a623d5913e61\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d1c6c93c27a4bf48006ab16cd9b38d85559d7645\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f5146e3ef0a9eea405874b36178c19a4863b8989\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.