Message-ID: <2025123026-CVE-2023-54219-f260@gregkh>
Date: Tue, 30 Dec 2025 13:13:49 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-54219: Revert "IB/isert: Fix incorrect release of isert connection"

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

Revert "IB/isert: Fix incorrect release of isert connection"

Commit: 699826f4e30a ("IB/isert: Fix incorrect release of isert connection") is
causing problems on OPA when DEVICE_REMOVAL is happening.

 ------------[ cut here ]------------
 WARNING: CPU: 52 PID: 2117247 at drivers/infiniband/core/cq.c:359
ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
 Modules linked in: nfsd nfs_acl target_core_user uio tcm_fc libfc
scsi_transport_fc tcm_loop target_core_pscsi target_core_iblock target_core_file
rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs
rfkill rpcrdma rdma_ucm ib_srpt sunrpc ib_isert iscsi_target_mod target_core_mod
opa_vnic ib_iser libiscsi ib_umad scsi_transport_iscsi rdma_cm ib_ipoib iw_cm
ib_cm hfi1(-) rdmavt ib_uverbs intel_rapl_msr intel_rapl_common sb_edac ib_core
x86_pkg_temp_thermal intel_powerclamp coretemp i2c_i801 mxm_wmi rapl iTCO_wdt
ipmi_si iTCO_vendor_support mei_me ipmi_devintf mei intel_cstate ioatdma
intel_uncore i2c_smbus joydev pcspkr lpc_ich ipmi_msghandler acpi_power_meter
acpi_pad xfs libcrc32c sr_mod sd_mod cdrom t10_pi sg crct10dif_pclmul
crc32_pclmul crc32c_intel drm_kms_helper drm_shmem_helper ahci libahci
ghash_clmulni_intel igb drm libata dca i2c_algo_bit wmi fuse
 CPU: 52 PID: 2117247 Comm: modprobe Not tainted 6.5.0-rc1+ #1
 Hardware name: Intel Corporation S2600CWR/S2600CW, BIOS
SE5C610.86B.01.01.0014.121820151719 12/18/2015
 RIP: 0010:ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
 Code: ff 48 8b 43 40 48 8d 7b 40 48 83 e8 40 4c 39 e7 75 b3 49 83
c4 10 4d 39 fc 75 94 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc <0f> 0b eb a1
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f
 RSP: 0018:ffffc10bea13fc80 EFLAGS: 00010206
 RAX: 000000000000010c RBX: ffff9bf5c7e66c00 RCX: 000000008020001d
 RDX: 000000008020001e RSI: fffff175221f9900 RDI: ffff9bf5c7e67640
 RBP: ffff9bf5c7e67600 R08: ffff9bf5c7e64400 R09: 000000008020001d
 R10: 0000000040000000 R11: 0000000000000000 R12: ffff9bee4b1e8a18
 R13: dead000000000122 R14: dead000000000100 R15: ffff9bee4b1e8a38
 FS:  00007ff1e6d38740(0000) GS:ffff9bfd9fb00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00005652044ecc68 CR3: 0000000889b5c005 CR4: 00000000001706e0
 Call Trace:
  <TASK>
  ? __warn+0x80/0x130
  ? ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
  ? report_bug+0x195/0x1a0
  ? handle_bug+0x3c/0x70
  ? exc_invalid_op+0x14/0x70
  ? asm_exc_invalid_op+0x16/0x20
  ? ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
  disable_device+0x9d/0x160 [ib_core]
  __ib_unregister_device+0x42/0xb0 [ib_core]
  ib_unregister_device+0x22/0x30 [ib_core]
  rvt_unregister_device+0x20/0x90 [rdmavt]
  hfi1_unregister_ib_device+0x16/0xf0 [hfi1]
  remove_one+0x55/0x1a0 [hfi1]
  pci_device_remove+0x36/0xa0
  device_release_driver_internal+0x193/0x200
  driver_detach+0x44/0x90
  bus_remove_driver+0x69/0xf0
  pci_unregister_driver+0x2a/0xb0
  hfi1_mod_cleanup+0xc/0x3c [hfi1]
  __do_sys_delete_module.constprop.0+0x17a/0x2f0
  ? exit_to_user_mode_prepare+0xc4/0xd0
  ? syscall_trace_enter.constprop.0+0x126/0x1a0
  do_syscall_64+0x5c/0x90
  ? syscall_exit_to_user_mode+0x12/0x30
  ? do_syscall_64+0x69/0x90
  ? syscall_exit_work+0x103/0x130
  ? syscall_exit_to_user_mode+0x12/0x30
  ? do_syscall_64+0x69/0x90
  ? exc_page_fault+0x65/0x150
  entry_SYSCALL_64_after_hwframe+0x6e/0xd8
 RIP: 0033:0x7ff1e643f5ab
 Code: 73 01 c3 48 8b 0d 75 a8 1b 00 f7 d8 64 89 01 48 83 c8 ff c3
66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 b0 00 00 00 0f 05 <48> 3d 01 f0
ff ff 73 01 c3 48 8b 0d 45 a8 1b 00 f7 d8 64 89 01 48
 RSP: 002b:00007ffec9103cc8 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
 RAX: ffffffffffffffda RBX: 00005615267fdc50 RCX: 00007ff1e643f5ab
 RDX: 0000000000000000 RSI: 0000000000000800 RDI: 00005615267fdcb8
 RBP: 00005615267fdc50 R08: 0000000000000000 R09: 0000000000000000
 R10: 00007ff1e659eac0 R11: 0000000000000206 R12: 00005615267fdcb8
 R13: 0000000000000000 R14: 00005615267fdcb8 R15: 00007ffec9105ff8
  </TASK>
 ---[ end trace 0000000000000000 ]---

And...

 restrack: ------------[ cut here ]------------
 infiniband hfi1_0: BUG: RESTRACK detected leak of resources
 restrack: Kernel PD object allocated by ib_isert is not freed
 restrack: Kernel CQ object allocated by ib_core is not freed
 restrack: Kernel QP object allocated by rdma_cm is not freed
 restrack: ------------[ cut here ]------------

The Linux kernel CVE team has assigned CVE-2023-54219 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.14.319 with commit ccf5a1b28e2b73952e8d23126fa1abc6ff99de55 and fixed in 4.14.326 with commit 77e90bd53019d4d4c9e25552b5efb06dfd8c3c82
	Issue introduced in 4.19.287 with commit fb4043077b51e577ecccb3233ecfb8764fcea393 and fixed in 4.19.295 with commit a277b736309f923d9baff0ef166d694d348a5b96
	Issue introduced in 5.4.248 with commit 6718478c18a4f4923d86b81dc7e51363e1a60b03 and fixed in 5.4.257 with commit 9b6296861a5a9d58aacd72c249a68b073c78bfb4
	Issue introduced in 5.10.185 with commit 3c97f2c9ec29ce2f61772f6120aabc852f57132e and fixed in 5.10.195 with commit aa950b9835f2d004b071fd220459edd3cd0a3603
	Issue introduced in 5.15.118 with commit 18512de74454fba6ebd06e579f4f1a3200a9e50d and fixed in 5.15.132 with commit 1bb42aca7a9611c1991a790834e2a65f3345c5e8
	Issue introduced in 6.1.35 with commit 277fbf63b34a377c800d25c7cfd8231ba19cffe2 and fixed in 6.1.53 with commit 3f39698e7e842abc9bd2bd97bf5eeda4543db758
	Issue introduced in 6.4 with commit 699826f4e30ab76a62c238c86fbef7e826639c8d and fixed in 6.4.16 with commit 4082b59705ee9e3912eaa9e15abda8e76039b681
	Issue introduced in 6.4 with commit 699826f4e30ab76a62c238c86fbef7e826639c8d and fixed in 6.5.3 with commit a3189341e2f609d48f730b18c8bbbf6783233477
	Issue introduced in 6.4 with commit 699826f4e30ab76a62c238c86fbef7e826639c8d and fixed in 6.6 with commit dfe261107c080709459c32695847eec96238852b
	Issue introduced in 6.3.9 with commit 2f884e6df67347301e51e6be5ad4b61cc8989114

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-54219
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/infiniband/ulp/isert/ib_isert.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/77e90bd53019d4d4c9e25552b5efb06dfd8c3c82
	https://git.kernel.org/stable/c/a277b736309f923d9baff0ef166d694d348a5b96
	https://git.kernel.org/stable/c/9b6296861a5a9d58aacd72c249a68b073c78bfb4
	https://git.kernel.org/stable/c/aa950b9835f2d004b071fd220459edd3cd0a3603
	https://git.kernel.org/stable/c/1bb42aca7a9611c1991a790834e2a65f3345c5e8
	https://git.kernel.org/stable/c/3f39698e7e842abc9bd2bd97bf5eeda4543db758
	https://git.kernel.org/stable/c/4082b59705ee9e3912eaa9e15abda8e76039b681
	https://git.kernel.org/stable/c/a3189341e2f609d48f730b18c8bbbf6783233477
	https://git.kernel.org/stable/c/dfe261107c080709459c32695847eec96238852b
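
Added example, not part of the original announcement and not kernel project code: a Python check that maps an upstream release string onto the introduced/fixed pairs listed above and picks out the two log signatures quoted in the description. It assumes unmodified upstream version numbers (distribution kernels with backports need the vendor's own advisory); the function names, status labels and sample log are constructed for illustration.

```python
import re

# (major, minor) -> (first affected patch level, first fixed patch level),
# transcribed from "Affected and fixed versions"; None = no fix listed there.
RANGES = {
    (4, 14): (319, 326), (4, 19): (287, 295), (5, 4): (248, 257),
    (5, 10): (185, 195), (5, 15): (118, 132), (6, 1): (35, 53),
    (6, 3): (9, None), (6, 4): (0, 16), (6, 5): (0, 3),
}
MAINLINE_FIX = (6, 6)  # "fixed in 6.6" per the list above

# Log signatures taken from the two excerpts in the description.
SYMPTOMS = (
    re.compile(r"WARNING: .* at drivers/infiniband/core/cq\.c:\d+"),
    re.compile(r"RESTRACK detected leak of resources"),
    re.compile(r"restrack: Kernel \w+ object allocated by \w+ is not freed"),
)

# Constructed sample, shaped like the excerpts quoted in the description.
SAMPLE_LOG = """\
[ 101.1] WARNING: CPU: 3 PID: 4242 at drivers/infiniband/core/cq.c:359 ib_cq_pool_cleanup+0xac/0xb0 [ib_core]
[ 101.2] CPU: 3 PID: 4242 Comm: modprobe Not tainted
[ 101.3] infiniband hfi1_0: BUG: RESTRACK detected leak of resources
[ 101.4] restrack: Kernel PD object allocated by ib_isert is not freed
"""

def upstream_status(release):
    """Classify an upstream release string such as `uname -r` output."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    branch, patch = (int(m[1]), int(m[2])), int(m[3] or 0)
    if branch >= MAINLINE_FIX:
        return "fixed"
    if branch not in RANGES:
        return "not-listed"
    first_bad, first_fixed = RANGES[branch]
    if patch < first_bad:
        return "before-introduction"
    if first_fixed is None:
        return "affected-no-fix-listed"
    return "affected" if patch < first_fixed else "fixed"

def symptom_lines(log_text):
    """Return log lines matching the signatures quoted in the advisory."""
    return [ln for ln in log_text.splitlines()
            if any(p.search(ln) for p in SYMPTOMS)]
```

A "not-listed" result means the branch does not appear in the list above, not that it was verified unaffected.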
