VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Oct 1, 2025· Updated Apr 6, 2026

CVE-2023-53528

CVE-2023-53528

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/rxe: Fix unsafe drain work queue code

If create_qp does not fully succeed it is possible for qp cleanup code to attempt to drain the send or recv work queues before the queues have been created causing a seg fault. This patch checks to see if the queues exist before attempting to drain them.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null-pointer dereference in the Linux kernel's RDMA/rxe driver can cause a segmentation fault during incomplete QP creation.

Vulnerability

In the Linux kernel's RDMA/rxe driver, a flaw exists in the drain work queue code. When create_qp does not fully succeed, the cleanup code may attempt to drain the send or receive work queues before they have been properly initialized, leading to a null-pointer dereference and a segmentation fault. [1][2][3]

Exploitation

An attacker who can trigger a partial failure in a QP creation operation on a system using the rxe driver can cause the kernel to access uninitialized queue pointers. This condition occurs without requiring special privileges beyond the ability to create RDMA queue pairs. No authentication is needed if the attacker can interact with the RDMA subsystem.

Impact

A successful exploit causes a kernel crash (segmentation fault), resulting in a denial of service (DoS). The system becomes unstable and may require a reboot to restore normal operation.

Mitigation

The fix introduces a check for the existence of the work queues before attempting to drain them. Patches have been applied to the stable kernel branches. [1][2][3] Users should update to a kernel containing the commit or apply the referenced patch.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Linux/Kernel2 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.4,<6.4.16
    • (no CPE)

Patches

3
da572f6313ae
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
d366642b3099
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
5993b75d0bc7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.