NVD

CVE-2023-53393 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0), there is a special handling in order to use the correct counters, but, port_num is being passed down the stack without any change. Also, some functions assume that port_num >=1. As a result, the following oops can occur. BUG: unable to handle page fault for address: ffff89510294f1a8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP CPU: 8 PID: 1382 Comm: devlink Tainted: G W 6.1.0-rc4_for_upstream_base_2022_11_10_16_12 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:_raw_spin_lock+0xc/0x20 Call Trace: <TASK> mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib] do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib] mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib] ib_setup_device_attrs+0xf0/0x290 [ib_core] ib_register_device+0x3bb/0x510 [ib_core] ? atomic_notifier_chain_register+0x67/0x80 __mlx5_ib_add+0x2b/0x80 [mlx5_ib] mlx5r_probe+0xb8/0x150 [mlx5_ib] ? auxiliary_match_id+0x6a/0x90 auxiliary_bus_probe+0x3c/0x70 ? driver_sysfs_add+0x6b/0x90 really_probe+0xcd/0x380 __driver_probe_device+0x80/0x170 driver_probe_device+0x1e/0x90 __device_attach_driver+0x7d/0x100 ? driver_allows_async_probing+0x60/0x60 ? driver_allows_async_probing+0x60/0x60 bus_for_each_drv+0x7b/0xc0 __device_attach+0xbc/0x200 bus_probe_device+0x87/0xa0 device_add+0x404/0x940 ? dev_set_name+0x53/0x70 __auxiliary_device_add+0x43/0x60 add_adev+0x99/0xe0 [mlx5_core] mlx5_attach_device+0xc8/0x120 [mlx5_core] mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core] devlink_reload+0x133/0x250 devlink_nl_cmd_reload+0x480/0x570 ? devlink_nl_pre_doit+0x44/0x2b0 genl_family_rcv_msg_doit.isra.0+0xc2/0x110 genl_rcv_msg+0x180/0x2b0 ? devlink_nl_cmd_region_read_dumpit+0x540/0x540 ? devlink_reload+0x250/0x250 ? devlink_put+0x50/0x50 ? genl_family_rcv_msg_doit.isra.0+0x110/0x110 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x1f6/0x2c0 netlink_sendmsg+0x237/0x490 sock_sendmsg+0x33/0x40 __sys_sendto+0x103/0x160 ? handle_mm_fault+0x10e/0x290 ? do_user_addr_fault+0x1c0/0x5f0 __x64_sys_sendto+0x25/0x30 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Fix it by setting port_num to 1 in order to get device status and remove unused variable.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

ADP: CISA-ADP

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/38b50aa44495d5eb4218f0b82fc2da76505cec53	kernel.org	Patch
https://git.kernel.org/stable/c/8d89870d63758363b07ace5c2df82d6bf865f78b	kernel.org	Patch
https://git.kernel.org/stable/c/9a97da4674b890b4c28f5f12beba8c33a9cd2f49	kernel.org	Patch
https://git.kernel.org/stable/c/e597b003c736217b0c99ccf1b240c25009105238	kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

CVE Modified by kernel.org 6/17/2026 2:45:11 AM

Action

Type

Old Value

New Value

Added

Affected

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/hw/mlx5/counters.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"aac4492ef23a176b6f1a41aadb99177eceb1fc06","lessThan":"8d89870d63758363b07ace5c2df82d6bf865f78b","versionType":"git","status":"affected"},{"version":"aac4492ef23a176b6f1a41aadb99177eceb1fc06","lessThan":"9a97da4674b890b4c28f5f12beba8c33a9cd2f49","versionType":"git","status":"affected"},{"version":"aac4492ef23a176b6f1a41aadb99177eceb1fc06","lessThan":"e597b003c736217b0c99ccf1b240c25009105238","versionType":"git","status":"affected"},{"version":"aac4492ef23a176b6f1a41aadb99177eceb1fc06","lessThan":"38b50aa44495d5eb4218f0b82fc2da76505cec53","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/hw/mlx5/counters.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.16","status":"affected"},{"version":"0","lessThan":"4.16","versionType":"semver","status":"unaffected"},{"version":"5.15.87","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.0.19","lessThanOrEqual":"6.0.*","versionType":"semver","status":"unaffected"},{"version":"6.1.5","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.2","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

Initial Analysis by NIST 12/12/2025 2:35:11 PM

Action	Type	New Value
Added	CVSS V3.1	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE	NVD-CWE-noinfo
Added	CPE Configuration	OR cpe:2.3:o:linux:linux_kernel:6.2:rc1::::::* cpe:2.3:o:linux:linux_kernel:6.2:rc2::::::* cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 6.1 up to (excluding) 6.1.5 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.16 up to (excluding) 6.0.19 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.16 up to (excluding) 5.15.87
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/38b50aa44495d5eb4218f0b82fc2da76505cec53 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/8d89870d63758363b07ace5c2df82d6bf865f78b Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/9a97da4674b890b4c28f5f12beba8c33a9cd2f49 Types: Patch
Added	Reference Type	kernel.org: https://git.kernel.org/stable/c/e597b003c736217b0c99ccf1b240c25009105238 Types: Patch

New CVE Received from kernel.org 9/18/2025 10:15:42 AM

Action	Type	New Value
Added	Description	Record truncated, showing 2048 of 2589 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0), there is a special handling in order to use the correct counters, but, port_num is being passed down the stack without any change. Also, some functions assume that port_num >=1. As a result, the following oops can occur. BUG: unable to handle page fault for address: ffff89510294f1a8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP CPU: 8 PID: 1382 Comm: devlink Tainted: G W 6.1.0-rc4_for_upstream_base_2022_11_10_16_12 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:_raw_spin_lock+0xc/0x20 Call Trace: <TASK> mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib] do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib] mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib] ib_setup_device_attrs+0xf0/0x290 [ib_core] ib_register_device+0x3bb/0x510 [ib_core] ? atomic_notifier_chain_register+0x67/0x80 __mlx5_ib_add+0x2b/0x80 [mlx5_ib] mlx5r_probe+0xb8/0x150 [mlx5_ib] ? auxiliary_match_id+0x6a/0x90 auxiliary_bus_probe+0x3c/0x70 ? driver_sysfs_add+0x6b/0x90 really_probe+0xcd/0x380 __driver_probe_device+0x80/0x170 driver_probe_device+0x1e/0x90 __device_attach_driver+0x7d/0x100 ? driver_allows_async_probing+0x60/0x60 ? driver_allows_async_probing+0x60/0x60 bus_for_each_drv+0x7b/0xc0 __device_attach+0xbc/0x200 bus_probe_device+0x87/0xa0 device_add+0x404/0x940 ? dev_set_name+0x53/0x70 __auxiliary_device_add+0x43/0x60 add_adev+0x99/0xe0 [mlx5_core] mlx5_attach_device+0xc8/0x120 [mlx5_core] mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core] devlink_reload+0x133/0x250 devlink_nl_cmd_reload+0x480/0x570 ? devlink_nl_pre_doit+0x44/0x2b0 genl_family_rcv_msg_doit.isra.0+0xc2/0x110 genl_rcv_msg+0x180/0x2b0 ? devlink_nl_cmd_region_read_
Added	Reference	https://git.kernel.org/stable/c/38b50aa44495d5eb4218f0b82fc2da76505cec53
Added	Reference	https://git.kernel.org/stable/c/8d89870d63758363b07ace5c2df82d6bf865f78b
Added	Reference	https://git.kernel.org/stable/c/9a97da4674b890b4c28f5f12beba8c33a9cd2f49
Added	Reference	https://git.kernel.org/stable/c/e597b003c736217b0c99ccf1b240c25009105238

Quick Info

CVE Dictionary Entry:
CVE-2023-53393
NVD Published Date:
09/18/2025
NVD Last Modified:
06/17/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2023-53393 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CISA-ADP 6/17/2026 2:45:11 AM

CVE Modified by kernel.org 6/17/2026 2:45:11 AM

CVE Modified by CISA-ADP 1/14/2026 2:16:38 PM

Initial Analysis by NIST 12/12/2025 2:35:11 PM

New CVE Received from kernel.org 9/18/2025 10:15:42 AM

Quick Info