{"id":"CVE-2023-54223","summary":"net/mlx5e: xsk: Fix invalid buffer access for legacy rq","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: xsk: Fix invalid buffer access for legacy rq\n\nThe below crash can be encountered when using xdpsock in rx mode for\nlegacy rq: the buffer gets released in the XDP_REDIRECT path, and then\nonce again in the driver. This fix sets the flag to avoid releasing on\nthe driver side.\n\nXSK handling of buffers for legacy rq was relying on the caller to set\nthe skip release flag. But the referenced fix started using fragment\ncounts for pages instead of the skip flag.\n\nCrash log:\n general protection fault, probably for non-canonical address 0xffff8881217e3a: 0000 [#1] SMP\n CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 6.5.0-rc1+ #31\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:bpf_prog_03b13f331978c78c+0xf/0x28\n Code:  ...\n RSP: 0018:ffff88810082fc98 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff888138404901 RCX: c0ffffc900027cbc\n RDX: ffffffffa000b514 RSI: 00ffff8881217e32 RDI: ffff888138404901\n RBP: ffff88810082fc98 R08: 0000000000091100 R09: 0000000000000006\n R10: 0000000000000800 R11: 0000000000000800 R12: ffffc9000027a000\n R13: ffff8881217e2dc0 R14: ffff8881217e2910 R15: ffff8881217e2f00\n FS:  0000000000000000(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000564cb2e2cde0 CR3: 000000010e603004 CR4: 0000000000370eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  \u003cTASK\u003e\n  ? die_addr+0x32/0x80\n  ? exc_general_protection+0x192/0x390\n  ? asm_exc_general_protection+0x22/0x30\n  ? 0xffffffffa000b514\n  ? bpf_prog_03b13f331978c78c+0xf/0x28\n  mlx5e_xdp_handle+0x48/0x670 [mlx5_core]\n  ? dev_gro_receive+0x3b5/0x6e0\n  mlx5e_xsk_skb_from_cqe_linear+0x6e/0x90 [mlx5_core]\n  mlx5e_handle_rx_cqe+0x55/0x100 [mlx5_core]\n  mlx5e_poll_rx_cq+0x87/0x6e0 [mlx5_core]\n  mlx5e_napi_poll+0x45e/0x6b0 [mlx5_core]\n  __napi_poll+0x25/0x1a0\n  net_rx_action+0x28a/0x300\n  __do_softirq+0xcd/0x279\n  ? sort_range+0x20/0x20\n  run_ksoftirqd+0x1a/0x20\n  smpboot_thread_fn+0xa2/0x130\n  kthread+0xc9/0xf0\n  ? kthread_complete_and_exit+0x20/0x20\n  ret_from_fork+0x1f/0x30\n  \u003c/TASK\u003e\n Modules linked in: mlx5_ib mlx5_core rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n ---[ end trace 0000000000000000 ]---","modified":"2026-03-31T17:29:24.644766682Z","published":"2025-12-30T12:11:17.389Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54223.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/58a113a35846d9a5bd759beb332e551e28451f09"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e0f52298fee449fec37e3e3c32df60008b509b16"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54223.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54223"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"cbb5379362513cbff450df0457dc370da7244bec"},{"fixed":"58a113a35846d9a5bd759beb332e551e28451f09"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7abd955a58fb0fcd4e756fa2065c03ae488fcfa7"},{"fixed":"e0f52298fee449fec37e3e3c32df60008b509b16"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54223.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.4.5"},{"fixed":"6.4.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54223.json"}}],"schema_version":"1.7.5"}