CVE-2023-53340

HIGH

Linux Kernel 5.18-6.1.30, 6.3.0-6.3.4, 6.4+ - Array Index Out-of-Bounds in mlx5 DEVX Command Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Collect command failures data only for known commands

DEVX can issue a general command, which is not used by the mlx5 driver. If such a command fails, mlx5 tries to collect the failure data. However, mlx5 doesn't create storage for this command, since mlx5 doesn't use it. This leads to an array-index-out-of-bounds error.

Fix it by checking whether the command is known before collecting the failure data.
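The pattern the description refers to, as an added example: a simplified user-space model, not the mlx5 driver's code. Failure data lives in a per-opcode table, and the guard skips collection for opcodes that have no storage; all names, the table size and the opcode values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code: names and values are hypothetical. */
#define CMD_OP_MAX 0x10 /* number of slots in the failure table */

struct cmd_stats { unsigned failed; int last_status; };
static struct cmd_stats stats[CMD_OP_MAX];

/* Opcodes the driver itself uses; only these have storage. */
static const uint16_t known_ops[] = { 0x01, 0x02, 0x07 };

static int cmd_is_known(uint16_t op)
{
    for (size_t i = 0; i < sizeof(known_ops) / sizeof(known_ops[0]); i++)
        if (known_ops[i] == op && op < CMD_OP_MAX)
            return 1;
    return 0;
}

/* Returns 1 if failure data was recorded, 0 if collection was skipped. */
static int record_failure(uint16_t op, int status)
{
    if (status == 0)
        return 0;            /* command succeeded, nothing to collect */
    if (!cmd_is_known(op))
        return 0;            /* without this check, stats[op] is indexed
                                with an opcode that has no slot */
    stats[op].failed++;
    stats[op].last_status = status;
    return 1;
}

int main(void)
{
    /* 0x0b0c stands in for a general command passed through by a caller. */
    printf("known 0x02 recorded: %d\n", record_failure(0x02, -5));
    printf("unknown 0x0b0c recorded: %d\n", record_failure(0x0b0c, -5));
    return 0;
}
```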

Scores

CVSS v3 7.8
EPSS 0.0020
EPSS Percentile 9.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-129
Status published
Products (10)
Linux/Linux < 5.18
Linux/Linux 34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc - 2a0a935fb64ee8af253b9c6133bb6702fb152ac2
Linux/Linux 34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc - 411e4d6caa7f7169192b8dacc8421ac4fd64a354
Linux/Linux 34f46ae0d4b38e83cfb26fb6f06b5b5efea47fdc - d8b6f175235d7327b4e1b13216859e89496dfbd5
Linux/Linux 5.18
Linux/Linux 6.1.31 - 6.1.*
Linux/Linux 6.3.5 - 6.3.*
Linux/Linux 6.4
linux/linux_kernel 6.4 rc1 (3 CPE variants)
linux/linux_kernel 5.18 - 6.1.31
Published Sep 17, 2025
Tracked Since Feb 18, 2026