Linux Kernel up to 5.10.175/5.15.103/6.1.20/6.2.7 smc_cdc_tx_handler null pointer dereference

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel up to 5.10.175/5.15.103/6.1.20/6.2.7 and classified as critical. Impacted is the function smc_cdc_tx_handler. The manipulation results in null pointer dereference.
This vulnerability is known as CVE-2023-53110. No exploit is available.
It is suggested to upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.175/5.15.103/6.1.20/6.2.7. Affected is the function smc_cdc_tx_handler. The manipulation with an unknown input leads to a null pointer dereference vulnerability. CWE is classifying the issue as CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. This is going to have an impact on availability. CVE summarizes:
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() When performing a stress test on SMC-R by rmmod mlx5_ib driver during the wrk/nginx test, we found that there is a probability of triggering a panic while terminating all link groups. This issue dues to the race between smc_smcr_terminate_all() and smc_buf_create(). smc_smcr_terminate_all smc_buf_create /* init */ conn->sndbuf_desc = NULL; ... __smc_lgr_terminate smc_conn_kill smc_close_abort smc_cdc_get_slot_and_msg_send __softirqentry_text_start smc_wr_tx_process_cqe smc_cdc_tx_handler READ(conn->sndbuf_desc->len); /* panic dues to NULL sndbuf_desc */ conn->sndbuf_desc = xxx; This patch tries to fix the issue by always to check the sndbuf_desc before send any cdc msg, to make sure that no null pointer is seen during cqe processing.
The advisory is available at git.kernel.org. This vulnerability is traded as CVE-2023-53110 since 05/02/2025. The exploitability is told to be difficult. Technical details are known, but there is no available exploit.
Upgrading to version 5.10.176, 5.15.104, 6.1.21 or 6.2.8 eliminates this vulnerability. Applying the patch 31817c530768b0199771ec6019571b4f0ddbf230/b108bd9e6be000492ebebe867daa699285978a10/3c270435db8aa34929263dddae8fd050f5216ecb/3ebac7cf0a184a8102821a7a00203f02bebda83c/22a825c541d775c1dbe7b2402786025acad6727b is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
- 5.10.175
- 5.15.103
- 6.1.0
- 6.1.1
- 6.1.2
- 6.1.3
- 6.1.4
- 6.1.5
- 6.1.6
- 6.1.7
- 6.1.8
- 6.1.9
- 6.1.10
- 6.1.11
- 6.1.12
- 6.1.13
- 6.1.14
- 6.1.15
- 6.1.16
- 6.1.17
- 6.1.18
- 6.1.19
- 6.1.20
- 6.2.0
- 6.2.1
- 6.2.2
- 6.2.3
- 6.2.4
- 6.2.5
- 6.2.6
- 6.2.7
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.1VulDB Meta Temp Score: 5.0
VulDB Base Score: 4.8
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 5.10.176/5.15.104/6.1.21/6.2.8
Patch: 31817c530768b0199771ec6019571b4f0ddbf230/b108bd9e6be000492ebebe867daa699285978a10/3c270435db8aa34929263dddae8fd050f5216ecb/3ebac7cf0a184a8102821a7a00203f02bebda83c/22a825c541d775c1dbe7b2402786025acad6727b
Timeline
05/02/2025 🔍05/02/2025 🔍
05/02/2025 🔍
11/10/2025 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2023-53110 (🔍)
GCVE (CVE): GCVE-0-2023-53110
GCVE (VulDB): GCVE-100-307290
Entry
Created: 05/02/2025 20:04Updated: 11/10/2025 19:32
Changes: 05/02/2025 20:04 (58), 11/10/2025 19:32 (12)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.