{
  "threat_severity" : "Low",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()",
    "id" : "2426133",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426133"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-413",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()\nThere is a certain chance to trigger the following panic:\nPID: 5900   TASK: ffff88c1c8af4100  CPU: 1   COMMAND: \"kworker/1:48\"\n#0 [ffff9456c1cc79a0] machine_kexec at ffffffff870665b7\n#1 [ffff9456c1cc79f0] __crash_kexec at ffffffff871b4c7a\n#2 [ffff9456c1cc7ab0] crash_kexec at ffffffff871b5b60\n#3 [ffff9456c1cc7ac0] oops_end at ffffffff87026ce7\n#4 [ffff9456c1cc7ae0] page_fault_oops at ffffffff87075715\n#5 [ffff9456c1cc7b58] exc_page_fault at ffffffff87ad0654\n#6 [ffff9456c1cc7b80] asm_exc_page_fault at ffffffff87c00b62\n[exception RIP: ib_alloc_mr+19]\nRIP: ffffffffc0c9cce3  RSP: ffff9456c1cc7c38  RFLAGS: 00010202\nRAX: 0000000000000000  RBX: 0000000000000002  RCX: 0000000000000004\nRDX: 0000000000000010  RSI: 0000000000000000  RDI: 0000000000000000\nRBP: ffff88c1ea281d00   R8: 000000020a34ffff   R9: ffff88c1350bbb20\nR10: 0000000000000000  R11: 0000000000000001  R12: 0000000000000000\nR13: 0000000000000010  R14: ffff88c1ab040a50  R15: ffff88c1ea281d00\nORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n#7 [ffff9456c1cc7c60] smc_ib_get_memory_region at ffffffffc0aff6df [smc]\n#8 [ffff9456c1cc7c88] smcr_buf_map_link at ffffffffc0b0278c [smc]\n#9 [ffff9456c1cc7ce0] __smc_buf_create at ffffffffc0b03586 [smc]\nThe reason here is that when the server tries to create a second link,\nsmc_llc_srv_add_link() has no protection and may add a new link to\nlink group. This breaks the security environment protected by\nllc_conf_mutex.", "A race condition was found in the SMC (Shared Memory Communications) networking subsystem. The smc_llc_srv_add_link() function lacks proper locking, allowing concurrent link additions that can corrupt link group state and crash the kernel." ],
  "statement" : "This affects systems using SMC for RDMA-based network communication. The race requires concurrent link group operations, typically occurring under high SMC connection load on enterprise systems with InfiniBand or RoCE adapters.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54237\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54237\nhttps://lore.kernel.org/linux-cve-announce/2025123032-CVE-2023-54237-c03d@gregkh/T" ],
  "name" : "CVE-2023-54237",
  "csaw" : false
}