{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54292", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:44.527Z", "datePublished": "2025-12-30T12:23:30.419Z", "dateUpdated": "2026-05-11T19:59:08.490Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:59:08.490Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix data race on CQP request done\n\nKCSAN detects a data race on cqp_request->request_done memory location\nwhich is accessed locklessly in irdma_handle_cqp_op while being\nupdated in irdma_cqp_ce_handler.\n\nAnnotate lockless intent with READ_ONCE/WRITE_ONCE to avoid any\ncompiler optimizations like load fusing and/or KCSAN warning.\n\n[222808.417128] BUG: KCSAN: data-race in irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma]\n\n[222808.417532] write to 0xffff8e44107019dc of 1 bytes by task 29658 on cpu 5:\n[222808.417610] irdma_cqp_ce_handler+0x21e/0x270 [irdma]\n[222808.417725] cqp_compl_worker+0x1b/0x20 [irdma]\n[222808.417827] process_one_work+0x4d1/0xa40\n[222808.417835] worker_thread+0x319/0x700\n[222808.417842] kthread+0x180/0x1b0\n[222808.417852] ret_from_fork+0x22/0x30\n\n[222808.417918] read to 0xffff8e44107019dc of 1 bytes by task 29688 on cpu 1:\n[222808.417995] irdma_wait_event+0x1e2/0x2c0 [irdma]\n[222808.418099] irdma_handle_cqp_op+0xae/0x170 [irdma]\n[222808.418202] irdma_cqp_cq_destroy_cmd+0x70/0x90 [irdma]\n[222808.418308] irdma_puda_dele_rsrc+0x46d/0x4d0 [irdma]\n[222808.418411] irdma_rt_deinit_hw+0x179/0x1d0 [irdma]\n[222808.418514] irdma_ib_dealloc_device+0x11/0x40 [irdma]\n[222808.418618] ib_dealloc_device+0x2a/0x120 [ib_core]\n[222808.418823] __ib_unregister_device+0xde/0x100 [ib_core]\n[222808.418981] ib_unregister_device+0x22/0x40 [ib_core]\n[222808.419142] irdma_ib_unregister_device+0x70/0x90 [irdma]\n[222808.419248] i40iw_close+0x6f/0xc0 [irdma]\n[222808.419352] i40e_client_device_unregister+0x14a/0x180 [i40e]\n[222808.419450] i40iw_remove+0x21/0x30 [irdma]\n[222808.419554] auxiliary_bus_remove+0x31/0x50\n[222808.419563] device_remove+0x69/0xb0\n[222808.419572] device_release_driver_internal+0x293/0x360\n[222808.419582] driver_detach+0x7c/0xf0\n[222808.419592] bus_remove_driver+0x8c/0x150\n[222808.419600] driver_unregister+0x45/0x70\n[222808.419610] auxiliary_driver_unregister+0x16/0x30\n[222808.419618] irdma_exit_module+0x18/0x1e [irdma]\n[222808.419733] __do_sys_delete_module.constprop.0+0x1e2/0x310\n[222808.419745] __x64_sys_delete_module+0x1b/0x30\n[222808.419755] do_syscall_64+0x39/0x90\n[222808.419763] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n[222808.419829] value changed: 0x01 -> 0x03"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/irdma/hw.c", "drivers/infiniband/hw/irdma/main.h", "drivers/infiniband/hw/irdma/utils.c"], "versions": [{"version": "915cc7ac0f8e2a23675ee896e87f17c7d3c47089", "lessThan": "c5b5dbcbf91f769b8eb25f88e32a1522f920f37a", "status": "affected", "versionType": "git"}, {"version": "915cc7ac0f8e2a23675ee896e87f17c7d3c47089", "lessThan": "5986e96be7d0b82e50a9c6b019ea3f1926fd8764", "status": "affected", "versionType": "git"}, {"version": "915cc7ac0f8e2a23675ee896e87f17c7d3c47089", "lessThan": "b8b90ba636e3861665aef9a3eab5fcf92839a2c5", "status": "affected", "versionType": "git"}, {"version": "915cc7ac0f8e2a23675ee896e87f17c7d3c47089", "lessThan": "f0842bb3d38863777e3454da5653d80b5fde6321", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/infiniband/hw/irdma/hw.c", "drivers/infiniband/hw/irdma/main.h", "drivers/infiniband/hw/irdma/utils.c"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.124", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.43", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.8", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.43"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.4.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c5b5dbcbf91f769b8eb25f88e32a1522f920f37a"}, {"url": "https://git.kernel.org/stable/c/5986e96be7d0b82e50a9c6b019ea3f1926fd8764"}, {"url": "https://git.kernel.org/stable/c/b8b90ba636e3861665aef9a3eab5fcf92839a2c5"}, {"url": "https://git.kernel.org/stable/c/f0842bb3d38863777e3454da5653d80b5fde6321"}], "title": "RDMA/irdma: Fix data race on CQP request done", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix data race on CQP request done\n\nKCSAN detects a data race on cqp_request->request_done memory location\nwhich is accessed locklessly in irdma_handle_cqp_op while being\nupdated in irdma_cqp_ce_handler.\n\nAnnotate lockless intent with READ_ONCE/WRITE_ONCE to avoid any\ncompiler optimizations like load fusing and/or KCSAN warning.\n\n[222808.417128] BUG: KCSAN: data-race in irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma]\n\n[222808.417532] write to 0xffff8e44107019dc of 1 bytes by task 29658 on cpu 5:\n[222808.417610] irdma_cqp_ce_handler+0x21e/0x270 [irdma]\n[222808.417725] cqp_compl_worker+0x1b/0x20 [irdma]\n[222808.417827] process_one_work+0x4d1/0xa40\n[222808.417835] worker_thread+0x319/0x700\n[222808.417842] kthread+0x180/0x1b0\n[222808.417852] ret_from_fork+0x22/0x30\n\n[222808.417918] read to 0xffff8e44107019dc of 1 bytes by task 29688 on cpu 1:\n[222808.417995] irdma_wait_event+0x1e2/0x2c0 [irdma]\n[222808.418099] irdma_handle_cqp_op+0xae/0x170 [irdma]\n[222808.418202] irdma_cqp_cq_destroy_cmd+0x70/0x90 [irdma]\n[222808.418308] irdma_puda_dele_rsrc+0x46d/0x4d0 [irdma]\n[222808.418411] irdma_rt_deinit_hw+0x179/0x1d0 [irdma]\n[222808.418514] irdma_ib_dealloc_device+0x11/0x40 [irdma]\n[222808.418618] ib_dealloc_device+0x2a/0x120 [ib_core]\n[222808.418823] __ib_unregister_device+0xde/0x100 [ib_core]\n[222808.418981] ib_unregister_device+0x22/0x40 [ib_core]\n[222808.419142] irdma_ib_unregister_device+0x70/0x90 [irdma]\n[222808.419248] i40iw_close+0x6f/0xc0 [irdma]\n[222808.419352] i40e_client_device_unregister+0x14a/0x180 [i40e]\n[222808.419450] i40iw_remove+0x21/0x30 [irdma]\n[222808.419554] auxiliary_bus_remove+0x31/0x50\n[222808.419563] device_remove+0x69/0xb0\n[222808.419572] device_release_driver_internal+0x293/0x360\n[222808.419582] driver_detach+0x7c/0xf0\n[222808.419592] bus_remove_driver+0x8c/0x150\n[222808.419600] driver_unregister+0x45/0x70\n[222808.419610] auxiliary_driver_unregister+0x16/0x30\n[222808.419618] irdma_exit_module+0x18/0x1e [irdma]\n[222808.419733] __do_sys_delete_module.constprop.0+0x1e2/0x310\n[222808.419745] __x64_sys_delete_module+0x1b/0x30\n[222808.419755] do_syscall_64+0x39/0x90\n[222808.419763] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n[222808.419829] value changed: 0x01 -> 0x03"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nRDMA/irdma: Corregir condici\u00f3n de carrera de datos en la finalizaci\u00f3n de solicitud CQP\n\nKCSAN detecta una condici\u00f3n de carrera de datos en la ubicaci\u00f3n de memoria cqp_request->request_done, a la cual se accede sin bloqueo en irdma_handle_cqp_op mientras se actualiza en irdma_cqp_ce_handler.\n\nAnotar la intenci\u00f3n sin bloqueo con READ_ONCE/WRITE_ONCE para evitar cualquier optimizaci\u00f3n del compilador como la fusi\u00f3n de cargas y/o la advertencia de KCSAN.\n\n[222808.417128] BUG: KCSAN: condici\u00f3n de carrera de datos en irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma]\n\n[222808.417532] escritura en 0xffff8e44107019dc de 1 bytes por la tarea 29658 en la cpu 5:\n[222808.417610] irdma_cqp_ce_handler+0x21e/0x270 [irdma]\n[222808.417725] cqp_compl_worker+0x1b/0x20 [irdma]\n[222808.417827] process_one_work+0x4d1/0xa40\n[222808.417835] worker_thread+0x319/0x700\n[222808.417842] kthread+0x180/0x1b0\n[222808.417852] ret_from_fork+0x22/0x30\n\n[222808.417918] lectura en 0xffff8e44107019dc de 1 bytes por la tarea 29688 en la cpu 1:\n[222808.417995] irdma_wait_event+0x1e2/0x2c0 [irdma]\n[222808.418099] irdma_handle_cqp_op+0xae/0x170 [irdma]\n[222808.418202] irdma_cqp_cq_destroy_cmd+0x70/0x90 [irdma]\n[222808.418308] irdma_puda_dele_rsrc+0x46d/0x4d0 [irdma]\n[222808.418411] irdma_rt_deinit_hw+0x179/0x1d0 [irdma]\n[222808.418514] irdma_ib_dealloc_device+0x11/0x40 [irdma]\n[222808.418618] ib_dealloc_device+0x2a/0x120 [ib_core]\n[222808.418823] __ib_unregister_device+0xde/0x100 [ib_core]\n[222808.418981] ib_unregister_device+0x22/0x40 [ib_core]\n[222808.419142] irdma_ib_unregister_device+0x70/0x90 [irdma]\n[222808.419248] i40iw_close+0x6f/0xc0 [irdma]\n[222808.419352] i40e_client_device_unregister+0x14a/0x180 [i40e]\n[222808.419450] i40iw_remove+0x21/0x30 [irdma]\n[222808.419554] auxiliary_bus_remove+0x31/0x50\n[222808.419563] device_remove+0x69/0xb0\n[222808.419572] device_release_driver_internal+0x293/0x360\n[222808.419582] driver_detach+0x7c/0xf0\n[222808.419592] bus_remove_driver+0x8c/0x150\n[222808.419600] driver_unregister+0x45/0x70\n[222808.419610] auxiliary_driver_unregister+0x16/0x30\n[222808.419618] irdma_exit_module+0x18/0x1e [irdma]\n[222808.419733] __do_sys_delete_module.constprop.0+0x1e2/0x310\n[222808.419745] __x64_sys_delete_module+0x1b/0x30\n[222808.419755] do_syscall_64+0x39/0x90\n[222808.419763] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n[222808.419829] valor cambiado: 0x01 -> 0x03"}], "id": "CVE-2023-54292", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2025-12-30T13:16:18.280", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5986e96be7d0b82e50a9c6b019ea3f1926fd8764"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b8b90ba636e3861665aef9a3eab5fcf92839a2c5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c5b5dbcbf91f769b8eb25f88e32a1522f920f37a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f0842bb3d38863777e3454da5653d80b5fde6321"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: RDMA/irdma: Fix data race on CQP request done", "id": "2426208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426208"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2023-54292", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-12-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-54292\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54292\nhttps://lore.kernel.org/linux-cve-announce/2025123029-CVE-2023-54292-26cb@gregkh/T"], "threat_severity": "Important"}

{}