Improper locking in Linux kernel mlx5 core driver

Published: 2024-06-13 | Updated: 2025-05-13

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2023-52782
CWE-ID	CWE-667
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU92015

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52782

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_txwqe_complete() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.5 - 6.7 rc7

CPE2.3

External links

https://git.kernel.org/stable/c/a9d6c0c5a6bd9ca88e964f8843ea41bc085de866
https://git.kernel.org/stable/c/4d510506b46504664eacf8a44a9e8f3e54c137b8
https://git.kernel.org/stable/c/7e3f3ba97e6cc6fce5bf62df2ca06c8e59040167
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.