{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: RDMA/cma: Allow UD qp_type to join multicast only",
    "id" : "2400694",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400694"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-908",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/cma: Allow UD qp_type to join multicast only\nAs for multicast:\n- The SIDR is the only mode that makes sense;\n- Besides PS_UDP, other port spaces like PS_IB is also allowed, as it is\nUD compatible. In this case qkey also needs to be set [1].\nThis patch allows only UD qp_type to join multicast, and set qkey to\ndefault if it's not set, to fix an uninit-value error: the ib->rec.qkey\nfield is accessed without being initialized.\n=====================================================\nBUG: KMSAN: uninit-value in cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\nBUG: KMSAN: uninit-value in cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\ncma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\ncma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\ncma_iboe_join_multicast drivers/infiniband/core/cma.c:4782 [inline]\nrdma_join_multicast+0x2b83/0x30a0 drivers/infiniband/core/cma.c:4814\nucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\nucma_join_multicast+0x1e3/0x250 drivers/infiniband/core/ucma.c:1546\nucma_write+0x639/0x6d0 drivers/infiniband/core/ucma.c:1732\nvfs_write+0x8ce/0x2030 fs/read_write.c:588\nksys_write+0x28c/0x520 fs/read_write.c:643\n__do_sys_write fs/read_write.c:655 [inline]\n__se_sys_write fs/read_write.c:652 [inline]\n__ia32_sys_write+0xdb/0x120 fs/read_write.c:652\ndo_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]\n__do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180\ndo_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205\ndo_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248\nentry_SYSENTER_compat_after_hwframe+0x4d/0x5c\nLocal variable ib.i created at:\ncma_iboe_join_multicast drivers/infiniband/core/cma.c:4737 [inline]\nrdma_join_multicast+0x586/0x30a0 drivers/infiniband/core/cma.c:4814\nucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\nCPU: 0 PID: 29874 Comm: syz-executor.3 Not tainted 5.16.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n=====================================================\n[1] https://lore.kernel.org/linux-rdma/20220117183832.GD84788@nvidia.com/" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53525\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53525\nhttps://lore.kernel.org/linux-cve-announce/2025100134-CVE-2023-53525-ee57@gregkh/T" ],
  "name" : "CVE-2023-53525",
  "csaw" : false
}