{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: RDMA/irdma: Fix data race on CQP completion stats",
    "id" : "2426187",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426187"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-667",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/irdma: Fix data race on CQP completion stats\nCQP completion statistics is read lockesly in irdma_wait_event and\nirdma_check_cqp_progress while it can be updated in the completion\nthread irdma_sc_ccq_get_cqe_info on another CPU as KCSAN reports.\nMake completion statistics an atomic variable to reflect coherent updates\nto it. This will also avoid load/store tearing logic bug potentially\npossible by compiler optimizations.\n[77346.170861] BUG: KCSAN: data-race in irdma_handle_cqp_op [irdma] / irdma_sc_ccq_get_cqe_info [irdma]\n[77346.171383] write to 0xffff8a3250b108e0 of 8 bytes by task 9544 on cpu 4:\n[77346.171483]  irdma_sc_ccq_get_cqe_info+0x27a/0x370 [irdma]\n[77346.171658]  irdma_cqp_ce_handler+0x164/0x270 [irdma]\n[77346.171835]  cqp_compl_worker+0x1b/0x20 [irdma]\n[77346.172009]  process_one_work+0x4d1/0xa40\n[77346.172024]  worker_thread+0x319/0x700\n[77346.172037]  kthread+0x180/0x1b0\n[77346.172054]  ret_from_fork+0x22/0x30\n[77346.172136] read to 0xffff8a3250b108e0 of 8 bytes by task 9838 on cpu 2:\n[77346.172234]  irdma_handle_cqp_op+0xf4/0x4b0 [irdma]\n[77346.172413]  irdma_cqp_aeq_cmd+0x75/0xa0 [irdma]\n[77346.172592]  irdma_create_aeq+0x390/0x45a [irdma]\n[77346.172769]  irdma_rt_init_hw.cold+0x212/0x85d [irdma]\n[77346.172944]  irdma_probe+0x54f/0x620 [irdma]\n[77346.173122]  auxiliary_bus_probe+0x66/0xa0\n[77346.173137]  really_probe+0x140/0x540\n[77346.173154]  __driver_probe_device+0xc7/0x220\n[77346.173173]  driver_probe_device+0x5f/0x140\n[77346.173190]  __driver_attach+0xf0/0x2c0\n[77346.173208]  bus_for_each_dev+0xa8/0xf0\n[77346.173225]  driver_attach+0x29/0x30\n[77346.173240]  bus_add_driver+0x29c/0x2f0\n[77346.173255]  driver_register+0x10f/0x1a0\n[77346.173272]  __auxiliary_driver_register+0xbc/0x140\n[77346.173287]  irdma_init_module+0x55/0x1000 [irdma]\n[77346.173460]  do_one_initcall+0x7d/0x410\n[77346.173475]  do_init_module+0x81/0x2c0\n[77346.173491]  load_module+0x1232/0x12c0\n[77346.173506]  __do_sys_finit_module+0x101/0x180\n[77346.173522]  __x64_sys_finit_module+0x3c/0x50\n[77346.173538]  do_syscall_64+0x39/0x90\n[77346.173553]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[77346.173634] value changed: 0x0000000000000094 -> 0x0000000000000095", "The Linux kernel contains a race condition vulnerability in its RDMA/irdma subsystem, where completion queue pair (CQP) completion statistics are read concurrently without adequate synchronization while being updated on another CPU. Under certain workloads, a lack of atomic operations and improper locking can lead to data inconsistency and unpredictable kernel behavior due to torn reads/writes and compiler optimization effects. This could potentially be exploited by a local user to trigger a kernel crash or denial of service (DoS) condition" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54302\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54302\nhttps://lore.kernel.org/linux-cve-announce/2025123033-CVE-2023-54302-a9e9@gregkh/T" ],
  "name" : "CVE-2023-54302",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria, comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}