CVE-2023-53340 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Collect command failures data only for known commands

DEVX can issue a general command, which is not used by mlx5 driver.
In case such command is failed, mlx5 is trying to collect the failure
data, However, mlx5 doesn't create a storage for this command, since
mlx5 doesn't use it. This lead to array-index-out-of-bounds error.

Fix it by checking whether the command is known before collecting the
failure data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2a0a935fb64ee8af253b9c6133bb6702fb152ac2
https://git.kernel.org/stable/c/411e4d6caa7f7169192b8dacc8421ac4fd64a354
https://git.kernel.org/stable/c/d8b6f175235d7327b4e1b13216859e89496dfbd5

History

Wed, 17 Sep 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't create a storage for this command, since mlx5 doesn't use it. This lead to array-index-out-of-bounds error. Fix it by checking whether the command is known before collecting the failure data.
Title		net/mlx5: Collect command failures data only for known commands
References		https://git.kernel.org/stable/c/2a0a935fb64ee8af253b9c6133bb6702fb152ac2 https://git.kernel.org/stable/c/411e4d6caa7f7169192b8dacc8421ac4fd64a354 https://git.kernel.org/stable/c/d8b6f175235d7327b4e1b13216859e89496dfbd5

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-17T14:56:33.917Z

Updated: 2025-09-17T14:56:33.917Z

Reserved: 2025-09-16T16:08:59.565Z

Link: CVE-2023-53340

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-17T15:15:37.153

Modified: 2025-09-17T15:15:37.153

Link: CVE-2023-53340

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53340", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-16T16:08:59.565Z", "datePublished": "2025-09-17T14:56:33.917Z", "dateUpdated": "2025-09-17T14:56:33.917Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-17T14:56:33.917Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Collect command failures data only for known commands\n\nDEVX can issue a general command, which is not used by mlx5 driver.\nIn case such command is failed, mlx5 is trying to collect the failure\ndata, However, mlx5 doesn't create a storage for this command, since\nmlx5 doesn't use it. This lead to array-index-out-of-bounds error.\n\nFix it by checking whether the command is known before collecting the\nfailure data."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/cmd.c"], "versions": [{"version": "34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc", "lessThan": "411e4d6caa7f7169192b8dacc8421ac4fd64a354", "status": "affected", "versionType": "git"}, {"version": "34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc", "lessThan": "d8b6f175235d7327b4e1b13216859e89496dfbd5", "status": "affected", "versionType": "git"}, {"version": "34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc", "lessThan": "2a0a935fb64ee8af253b9c6133bb6702fb152ac2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/cmd.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.31", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.5", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.1.31"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.3.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/411e4d6caa7f7169192b8dacc8421ac4fd64a354"}, {"url": "https://git.kernel.org/stable/c/d8b6f175235d7327b4e1b13216859e89496dfbd5"}, {"url": "https://git.kernel.org/stable/c/2a0a935fb64ee8af253b9c6133bb6702fb152ac2"}], "title": "net/mlx5: Collect command failures data only for known commands", "x_generator": {"engine": "bippy-1.2.0"}}}}