{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service in mlx5e due to incorrect encap attribute handling",
    "id" : "2425019",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425019"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-704",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5e: Use correct encap attribute during invalidation\nWith introduction of post action infrastructure most of the users of encap\nattribute had been modified in order to obtain the correct attribute by\ncalling mlx5e_tc_get_encap_attr() helper instead of assuming encap action\nis always on default attribute. However, the cited commit didn't modify\nmlx5e_invalidate_encap() which prevents it from destroying correct modify\nheader action which leads to a warning [0]. Fix the issue by using correct\nattribute.\n[0]:\nFeb 21 09:47:35 c-237-177-40-045 kernel: WARNING: CPU: 17 PID: 654 at drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:684 mlx5e_tc_attach_mod_hdr+0x1cc/0x230 [mlx5_core]\nFeb 21 09:47:35 c-237-177-40-045 kernel: RIP: 0010:mlx5e_tc_attach_mod_hdr+0x1cc/0x230 [mlx5_core]\nFeb 21 09:47:35 c-237-177-40-045 kernel: Call Trace:\nFeb 21 09:47:35 c-237-177-40-045 kernel:  <TASK>\nFeb 21 09:47:35 c-237-177-40-045 kernel:  mlx5e_tc_fib_event_work+0x8e3/0x1f60 [mlx5_core]\nFeb 21 09:47:35 c-237-177-40-045 kernel:  ? mlx5e_take_all_encap_flows+0xe0/0xe0 [mlx5_core]\nFeb 21 09:47:35 c-237-177-40-045 kernel:  ? lock_downgrade+0x6d0/0x6d0\nFeb 21 09:47:35 c-237-177-40-045 kernel:  ? lockdep_hardirqs_on_prepare+0x273/0x3f0\nFeb 21 09:47:35 c-237-177-40-045 kernel:  ? lockdep_hardirqs_on_prepare+0x273/0x3f0\nFeb 21 09:47:35 c-237-177-40-045 kernel:  process_one_work+0x7c2/0x1310\nFeb 21 09:47:35 c-237-177-40-045 kernel:  ? lockdep_hardirqs_on_prepare+0x3f0/0x3f0\nFeb 21 09:47:35 c-237-177-40-045 kernel:  ? pwq_dec_nr_in_flight+0x230/0x230\nFeb 21 09:47:35 c-237-177-40-045 kernel:  ? rwlock_bug.part.0+0x90/0x90\nFeb 21 09:47:35 c-237-177-40-045 kernel:  worker_thread+0x59d/0xec0\nFeb 21 09:47:35 c-237-177-40-045 kernel:  ? __kthread_parkme+0xd9/0x1d0", "A flaw was found in the mlx5e Traffic Control (TC) encapsulation logic in the net/mlx5e driver of the Linux kernel. The code responsible for invalidating encapsulation actions did not use the proper helper function to retrieve the correct encapsulation attribute, instead assuming the default attribute would suffice. When the post-action infrastructure was introduced, most users of the encap attribute were updated to call mlx5e_tc_get_encap_attr() to obtain the correct attribute; however, the invalidation path in mlx5e_invalidate_encap() was not updated accordingly. This could result in improper destruction of header modify actions and generate WARNINGS in the kernel log." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54074\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54074\nhttps://lore.kernel.org/linux-cve-announce/2025122432-CVE-2023-54074-cf89@gregkh/T" ],
  "name" : "CVE-2023-54074",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}