{"id":"CVE-2023-53110","summary":"net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()\n\nWhen performing a stress test on SMC-R by rmmod mlx5_ib driver\nduring the wrk/nginx test, we found that there is a probability\nof triggering a panic while terminating all link groups.\n\nThis issue dues to the race between smc_smcr_terminate_all()\nand smc_buf_create().\n\n\t\t\tsmc_smcr_terminate_all\n\nsmc_buf_create\n/* init */\nconn-\u003esndbuf_desc = NULL;\n...\n\n\t\t\t__smc_lgr_terminate\n\t\t\t\tsmc_conn_kill\n\t\t\t\t\tsmc_close_abort\n\t\t\t\t\t\tsmc_cdc_get_slot_and_msg_send\n\n\t\t\t__softirqentry_text_start\n\t\t\t\tsmc_wr_tx_process_cqe\n\t\t\t\t\tsmc_cdc_tx_handler\n\t\t\t\t\t\tREAD(conn-\u003esndbuf_desc-\u003elen);\n\t\t\t\t\t\t/* panic dues to NULL sndbuf_desc */\n\nconn-\u003esndbuf_desc = xxx;\n\nThis patch tries to fix the issue by always to check the sndbuf_desc\nbefore send any cdc msg, to make sure that no null pointer is\nseen during cqe processing.","modified":"2026-04-02T09:43:39.587176Z","published":"2025-05-02T15:55:50.367Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53110.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/22a825c541d775c1dbe7b2402786025acad6727b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/31817c530768b0199771ec6019571b4f0ddbf230"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3c270435db8aa34929263dddae8fd050f5216ecb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3ebac7cf0a184a8102821a7a00203f02bebda83c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b108bd9e6be000492ebebe867daa699285978a10"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53110.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53110"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0b29ec6436138721acf5844e558f7334a0fa61d5"},{"fixed":"31817c530768b0199771ec6019571b4f0ddbf230"},{"fixed":"b108bd9e6be000492ebebe867daa699285978a10"},{"fixed":"3c270435db8aa34929263dddae8fd050f5216ecb"},{"fixed":"3ebac7cf0a184a8102821a7a00203f02bebda83c"},{"fixed":"22a825c541d775c1dbe7b2402786025acad6727b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53110.json"}}],"schema_version":"1.7.5"}