CVE-2023-53994

The vulnerability is a WARN_ON macro in the ionic network driver of the Linux kernel. This macro was an early development check that remained in the code. When the kernel is configured with panic_on_warn, any WARN_ON invocation triggers a kernel panic, turning a benign warning into a denial-of-service condition.

The WARN_ON could be triggered during normal driver operations, such as interrupt allocation or deallocation paths. An attacker with local access and the ability to interact with the ionic driver could potentially cause the WARN_ON to fire, leading to a system crash.

The impact is a local denial of service (kernel panic). No privilege escalation or data leak is associated with this bug. The severity is moderate, as it requires local access and specific conditions.

The fix removes the unnecessary WARN_ON, preventing the panic. The patch has been applied to the Linux kernel stable branches. Users should update to a kernel version containing the fix.