Fluid Attacks Database

Description

The Linux kernel contains a race condition vulnerability in its RDMA/irdma subsystem, where completion queue pair (CQP) completion statistics are read concurrently without adequate synchronization while being updated on another CPU. Under certain workloads, a lack of atomic operations and improper locking can lead to data inconsistency and unpredictable kernel behavior due to torn reads/writes and compiler optimization effects. This could potentially be exploited by a local user to trigger a kernel crash or denial of service (DoS) condition

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	linux	=6.1.27-1 \|\| =6.1.37-1 \|\| =6.1.38-1 \|\| =6.1.38-2 \|\| =6.1.38-2~bpo11+1 \|\| =6.1.38-3 \|\| =6.1.38-4 \|\| =6.1.38-4~bpo11+1 \|\| >=0 <6.1.52-1	6.1.52-1
debian 13	linux	>=0 <6.4.11-1	6.4.11-1
debian 14	linux	>=0 <6.4.11-1	6.4.11-1
rpm rhel8	kernel	-	-
rpm rhel9	kernel	<0:5.14.0-427.13.1.el9_4	0:5.14.0-427.13.1.el9_4
rpm rhel8	kernel-rt	-	-
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-543022. NVD-2023-543023. OSV-DEBIAN-2023-543024. OSV-2023-543025. SECURITY-TRACKER-CVE-2023-54302

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.