{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: RDMA/irdma: Cap MSIX used to online CPUs + 1",
    "id" : "2420237",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420237"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1285",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/irdma: Cap MSIX used to online CPUs + 1\nThe irdma driver can use a maximum number of msix vectors equal\nto num_online_cpus() + 1 and the kernel warning stack below is shown\nif that number is exceeded.\nThe kernel throws a warning as the driver tries to update the affinity\nhint with a CPU mask greater than the max CPU IDs. Fix this by capping\nthe MSIX vectors to num_online_cpus() + 1.\nWARNING: CPU: 7 PID: 23655 at include/linux/cpumask.h:106 irdma_cfg_ceq_vector+0x34c/0x3f0 [irdma]\nRIP: 0010:irdma_cfg_ceq_vector+0x34c/0x3f0 [irdma]\nCall Trace:\nirdma_rt_init_hw+0xa62/0x1290 [irdma]\n? irdma_alloc_local_mac_entry+0x1a0/0x1a0 [irdma]\n? __is_kernel_percpu_address+0x63/0x310\n? rcu_read_lock_held_common+0xe/0xb0\n? irdma_lan_unregister_qset+0x280/0x280 [irdma]\n? irdma_request_reset+0x80/0x80 [irdma]\n? ice_get_qos_params+0x84/0x390 [ice]\nirdma_probe+0xa40/0xfc0 [irdma]\n? rcu_read_lock_bh_held+0xd0/0xd0\n? irdma_remove+0x140/0x140 [irdma]\n? rcu_read_lock_sched_held+0x62/0xe0\n? down_write+0x187/0x3d0\n? auxiliary_match_id+0xf0/0x1a0\n? irdma_remove+0x140/0x140 [irdma]\nauxiliary_bus_probe+0xa6/0x100\n__driver_probe_device+0x4a4/0xd50\n? __device_attach_driver+0x2c0/0x2c0\ndriver_probe_device+0x4a/0x110\n__driver_attach+0x1aa/0x350\nbus_for_each_dev+0x11d/0x1b0\n? subsys_dev_iter_init+0xe0/0xe0\nbus_add_driver+0x3b1/0x610\ndriver_register+0x18e/0x410\n? 0xffffffffc0b88000\nirdma_init_module+0x50/0xaa [irdma]\ndo_one_initcall+0x103/0x5f0\n? perf_trace_initcall_level+0x420/0x420\n? do_init_module+0x4e/0x700\n? __kasan_kmalloc+0x7d/0xa0\n? kmem_cache_alloc_trace+0x188/0x2b0\n? kasan_unpoison+0x21/0x50\ndo_init_module+0x1d1/0x700\nload_module+0x3867/0x5260\n? layout_and_allocate+0x3990/0x3990\n? rcu_read_lock_held_common+0xe/0xb0\n? rcu_read_lock_sched_held+0x62/0xe0\n? rcu_read_lock_bh_held+0xd0/0xd0\n? __vmalloc_node_range+0x46b/0x890\n? lock_release+0x5c8/0xba0\n? alloc_vm_area+0x120/0x120\n? selinux_kernel_module_from_file+0x2a5/0x300\n? __inode_security_revalidate+0xf0/0xf0\n? __do_sys_init_module+0x1db/0x260\n__do_sys_init_module+0x1db/0x260\n? load_module+0x5260/0x5260\n? do_syscall_64+0x22/0x450\ndo_syscall_64+0xa5/0x450\nentry_SYSCALL_64_after_hwframe+0x66/0xdb", "A bounds checking flaw was found in the Intel RDMA (irdma) driver in the Linux kernel. The driver may request more MSIX vectors than online CPUs allow, then attempt to set CPU affinity hints with an invalid CPU mask. This triggers kernel warnings and could cause instability." ],
  "statement" : "This affects Intel Ethernet adapters with RDMA capability (E810, etc.). The bug causes kernel warnings during driver initialization when MSIX vector count exceeds online CPU count plus one.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53811\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53811\nhttps://lore.kernel.org/linux-cve-announce/2025120944-CVE-2023-53811-dc26@gregkh/T" ],
  "name" : "CVE-2023-53811",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the irdma module from being loaded. See https://access.redhat.com/solutions/41278 for instructions.",
    "lang" : "en:us"
  },
  "csaw" : false
}