{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53654", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-07T15:16:59.661Z", "datePublished": "2025-10-07T15:19:49.985Z", "dateUpdated": "2025-10-07T15:19:49.985Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-07T15:19:49.985Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/af/cgx.c"], "versions": [{"version": "91c6945ea1f9059fea886630d0fd8070740e2aaf", "lessThan": "e425e2ba933618ee5ec8e4f3eb341efeb6c9ddef", "status": "affected", "versionType": "git"}, {"version": "91c6945ea1f9059fea886630d0fd8070740e2aaf", "lessThan": "a5485a943193e55c79150382e6461e8ea759e96e", "status": "affected", "versionType": "git"}, {"version": "91c6945ea1f9059fea886630d0fd8070740e2aaf", "lessThan": "b04872e15f3df62cb2fd530950f769626e1ef489", "status": "affected", "versionType": "git"}, {"version": "91c6945ea1f9059fea886630d0fd8070740e2aaf", "lessThan": "79ebb53772c95d3a6ae51b3c65f9985fdd430df6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/af/cgx.c"], "versions": [{"version": "5.12", "status": "affected"}, {"version": "0", "lessThan": "5.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.121", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.39", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.4", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "5.15.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.1.39"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.4.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.12", "versionEndExcluding": "6.5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e425e2ba933618ee5ec8e4f3eb341efeb6c9ddef"}, {"url": "https://git.kernel.org/stable/c/a5485a943193e55c79150382e6461e8ea759e96e"}, {"url": "https://git.kernel.org/stable/c/b04872e15f3df62cb2fd530950f769626e1ef489"}, {"url": "https://git.kernel.org/stable/c/79ebb53772c95d3a6ae51b3c65f9985fdd430df6"}], "title": "octeontx2-af: Add validation before accessing cgx and lmac", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000"}], "id": "CVE-2023-53654", "lastModified": "2025-10-08T19:38:09.863", "metrics": {}, "published": "2025-10-07T16:15:48.973", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/79ebb53772c95d3a6ae51b3c65f9985fdd430df6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a5485a943193e55c79150382e6461e8ea759e96e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b04872e15f3df62cb2fd530950f769626e1ef489"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e425e2ba933618ee5ec8e4f3eb341efeb6c9ddef"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: octeontx2-af: Add validation before accessing cgx and lmac", "id": "2402189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402189"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2023-53654", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhivos:1", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat In-Vehicle Operating System 1"}], "public_date": "2025-10-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53654\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53654\nhttps://lore.kernel.org/linux-cve-announce/2025100720-CVE-2023-53654-dcad@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-10-08T13:36:45.867853+00:00", "updated": "2025-10-08T13:36:45.867879+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}