CVE-2023-52513: RDMA/siw: Fix connection failure handling
First published: Sat Mar 02 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. This special case was not handled correctly by the code handling the later TCP socket close, causing a NULL dereference crash in siw_cm_work_handler() when dereferencing a NULL listener. We now also cancel the useless MPA timeout, if immediate MPA request processing fails. This patch furthermore simplifies MPA processing in general: Scheduling a useless TCP socket read in sk_data_ready() upcall is now surpressed, if the socket is already moved out of TCP_ESTABLISHED state.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <5.4.258 | 5.4.258 |
| redhat/kernel | <5.10.198 | 5.10.198 |
| redhat/kernel | <5.15.135 | 5.15.135 |
| redhat/kernel | <6.1.57 | 6.1.57 |
| redhat/kernel | <6.5.7 | 6.5.7 |
| redhat/kernel | <6.6 | 6.6 |
| Linux Kernel | >=5.3<5.4.258 | |
| Linux Kernel | >=5.5<5.10.198 | |
| Linux Kernel | >=5.11<5.15.135 | |
| Linux Kernel | >=5.16<6.1.57 | |
| Linux Kernel | >=6.2<6.5.7 | |
| Linux Kernel | =6.6-rc1 | |
| Linux Kernel | =6.6-rc2 | |
| Linux Kernel | =6.6-rc3 | |
| Linux Kernel | =6.6-rc4 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-52513
- https://lore.kernel.org/linux-cve-announce/2024030251-CVE-2023-52513-5224@gregkh/T/#u
- https://access.redhat.com/errata/RHSA-2024:3618
- https://access.redhat.com/errata/RHSA-2024:3627
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2267804
- https://git.kernel.org/stable/c/6e26812e289b374c17677d238164a5a8f5770594
- https://git.kernel.org/stable/c/0d520cdb0cd095eac5d00078dfd318408c9b5eed
- https://git.kernel.org/stable/c/81b7bf367eea795d259d0261710c6a89f548844d
- https://git.kernel.org/stable/c/5cf38e638e5d01b68f9133968a85e8b3fd1ecf2f
- https://git.kernel.org/stable/c/eeafc50a77f6a783c2c44e7ec3674a7b693e06f8
- https://git.kernel.org/stable/c/53a3f777049771496f791504e7dc8ef017cba590
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-52513?
CVE-2023-52513 has been classified as having a medium severity level due to potential disruption in connection handling.
How do I fix CVE-2023-52513?
To fix CVE-2023-52513, update to the latest kernel version mentioned in the vulnerability advisory, such as 5.4.258, 5.10.198, 5.15.135, 6.1.57, 6.5.7, or 6.6.
Which systems are affected by CVE-2023-52513?
CVE-2023-52513 affects various versions of the Linux kernel, specifically versions prior to 5.4.258, 5.10.198, 5.15.135, 6.1.57, 6.5.7, and 6.6.
What type of vulnerability is CVE-2023-52513?
CVE-2023-52513 is categorized as a connection handling vulnerability within the Linux kernel related to RDMA/siw.
When was CVE-2023-52513 discovered?
CVE-2023-52513 was publicly disclosed in October 2023 following the identification and resolution of the issue in the Linux kernel.
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-52513
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.3
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.6-rc1
- version/linux kernel/6.6-rc2
- version/linux kernel/6.6-rc3
- version/linux kernel/6.6-rc4
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2