{
  "threat_severity" : "Low",
  "public_date" : "2025-12-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add",
    "id" : "2426186",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2426186"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-366",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add\nWhile doing smcr_port_add, there maybe linkgroup add into or delete\nfrom smc_lgr_list.list at the same time, which may result kernel crash.\nSo, use smc_lgr_list.lock to protect smc_lgr_list.list iterate in\nsmcr_port_add.\nThe crash calltrace show below:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nCPU: 0 PID: 559726 Comm: kworker/0:92 Kdump: loaded Tainted: G\nHardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014\nWorkqueue: events smc_ib_port_event_work [smc]\nRIP: 0010:smcr_port_add+0xa6/0xf0 [smc]\nRSP: 0000:ffffa5a2c8f67de0 EFLAGS: 00010297\nRAX: 0000000000000001 RBX: ffff9935e0650000 RCX: 0000000000000000\nRDX: 0000000000000010 RSI: ffff9935e0654290 RDI: ffff9935c8560000\nRBP: 0000000000000000 R08: 0000000000000000 R09: ffff9934c0401918\nR10: 0000000000000000 R11: ffffffffb4a5c278 R12: ffff99364029aae4\nR13: ffff99364029aa00 R14: 00000000ffffffed R15: ffff99364029ab08\nFS:  0000000000000000(0000) GS:ffff994380600000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 0000000f06a10003 CR4: 0000000002770ef0\nPKRU: 55555554\nCall Trace:\nsmc_ib_port_event_work+0x18f/0x380 [smc]\nprocess_one_work+0x19b/0x340\nworker_thread+0x30/0x370\n? process_one_work+0x340/0x340\nkthread+0x114/0x130\n? __kthread_cancel_work+0x50/0x50\nret_from_fork+0x1f/0x30", "A race condition was found in the SMC networking subsystem. Iterating over the link group list in smcr_port_add() without holding the lock can cause crashes when concurrent add/remove operations modify the list." ],
  "statement" : "This affects systems using SMC over RDMA networking. The race requires concurrent InfiniBand port events and link group management, typically occurring in high-availability configurations with dynamic port state changes.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54318\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54318\nhttps://lore.kernel.org/linux-cve-announce/2025123038-CVE-2023-54318-bb2a@gregkh/T" ],
  "name" : "CVE-2023-54318",
  "csaw" : false
}