{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: RDMA/irdma: Fix data race on CQP request done",
    "id" : "2426208",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426208"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-366",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/irdma: Fix data race on CQP request done\nKCSAN detects a data race on cqp_request->request_done memory location\nwhich is accessed locklessly in irdma_handle_cqp_op while being\nupdated in irdma_cqp_ce_handler.\nAnnotate lockless intent with READ_ONCE/WRITE_ONCE to avoid any\ncompiler optimizations like load fusing and/or KCSAN warning.\n[222808.417128] BUG: KCSAN: data-race in irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma]\n[222808.417532] write to 0xffff8e44107019dc of 1 bytes by task 29658 on cpu 5:\n[222808.417610]  irdma_cqp_ce_handler+0x21e/0x270 [irdma]\n[222808.417725]  cqp_compl_worker+0x1b/0x20 [irdma]\n[222808.417827]  process_one_work+0x4d1/0xa40\n[222808.417835]  worker_thread+0x319/0x700\n[222808.417842]  kthread+0x180/0x1b0\n[222808.417852]  ret_from_fork+0x22/0x30\n[222808.417918] read to 0xffff8e44107019dc of 1 bytes by task 29688 on cpu 1:\n[222808.417995]  irdma_wait_event+0x1e2/0x2c0 [irdma]\n[222808.418099]  irdma_handle_cqp_op+0xae/0x170 [irdma]\n[222808.418202]  irdma_cqp_cq_destroy_cmd+0x70/0x90 [irdma]\n[222808.418308]  irdma_puda_dele_rsrc+0x46d/0x4d0 [irdma]\n[222808.418411]  irdma_rt_deinit_hw+0x179/0x1d0 [irdma]\n[222808.418514]  irdma_ib_dealloc_device+0x11/0x40 [irdma]\n[222808.418618]  ib_dealloc_device+0x2a/0x120 [ib_core]\n[222808.418823]  __ib_unregister_device+0xde/0x100 [ib_core]\n[222808.418981]  ib_unregister_device+0x22/0x40 [ib_core]\n[222808.419142]  irdma_ib_unregister_device+0x70/0x90 [irdma]\n[222808.419248]  i40iw_close+0x6f/0xc0 [irdma]\n[222808.419352]  i40e_client_device_unregister+0x14a/0x180 [i40e]\n[222808.419450]  i40iw_remove+0x21/0x30 [irdma]\n[222808.419554]  auxiliary_bus_remove+0x31/0x50\n[222808.419563]  device_remove+0x69/0xb0\n[222808.419572]  device_release_driver_internal+0x293/0x360\n[222808.419582]  driver_detach+0x7c/0xf0\n[222808.419592]  bus_remove_driver+0x8c/0x150\n[222808.419600]  driver_unregister+0x45/0x70\n[222808.419610]  auxiliary_driver_unregister+0x16/0x30\n[222808.419618]  irdma_exit_module+0x18/0x1e [irdma]\n[222808.419733]  __do_sys_delete_module.constprop.0+0x1e2/0x310\n[222808.419745]  __x64_sys_delete_module+0x1b/0x30\n[222808.419755]  do_syscall_64+0x39/0x90\n[222808.419763]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[222808.419829] value changed: 0x01 -> 0x03", "A race condition was identified in the RDMA/irdma subsystem of the Linux kernel affecting how completion queue pair (CQP) requests are processed. The cqp_request->request_done memory location is accessed without appropriate synchronization in the irdma_handle_cqp_op function while it is concurrently updated in irdma_cqp_ce_handler. Kernel Concurrency Sanitizer can detect this unsafe access pattern, which may lead to unpredictable behavior, kernel warnings, or system instability" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54292\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54292\nhttps://lore.kernel.org/linux-cve-announce/2025123029-CVE-2023-54292-26cb@gregkh/T" ],
  "name" : "CVE-2023-54292",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}