VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2023-54003

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Fix GID entry ref leak when create_ah fails

If AH create request fails, release sgid_attr to avoid GID entry reference leak reported while releasing GID table

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

When create_ah fails in the Linux kernel RDMA core, a GID entry reference leak occurs because sgid_attr is not released, leading to memory resource exhaustion.

Vulnerability Analysis

CVE-2023-54003 is a reference leak vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) core. The root cause is a missing release of the sgid_attr when an Address Handle (AH) creation request fails. Each successful GID entry lookup increments a reference count on the corresponding GID table entry; if create_ah fails without releasing that reference, a leak occurs. This leak accumulates over time as failed AH creation attempts are repeated.
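The error path described above, as a user-space model added here for illustration; it is not the kernel's code or the upstream patch. All names (`gid_entry`, `model_create_ah`, `driver_create_ah`, `leaked_refs`) are hypothetical, and the `release_on_error` flag switches between the leaking and the corrected behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins: a refcounted GID table entry and an AH that pins one. */
struct gid_entry { int refcount; };
struct ah { struct gid_entry *sgid_attr; };

static struct gid_entry *gid_get(struct gid_entry *e) { e->refcount++; return e; }
static void gid_put(struct gid_entry *e) { e->refcount--; }

/* Stand-in for the driver's create_ah callback; nonzero means failure. */
static int driver_create_ah(int fail) { return fail ? -1 : 0; }

/* Create an AH. With release_on_error == 0 the failure path frees the AH but
 * keeps the GID reference (the leak); with 1 it drops the reference first. */
static struct ah *model_create_ah(struct gid_entry *gid, int fail, int release_on_error)
{
    struct ah *ah = calloc(1, sizeof(*ah));
    if (!ah) return NULL;
    ah->sgid_attr = gid_get(gid);          /* GID lookup takes a reference */
    if (driver_create_ah(fail)) {
        if (release_on_error && ah->sgid_attr)
            gid_put(ah->sgid_attr);        /* corrected error path */
        free(ah);
        return NULL;
    }
    return ah;
}

static void model_destroy_ah(struct ah *ah) { gid_put(ah->sgid_attr); free(ah); }

/* Run `failures` failed creates plus one normal create/destroy; return the
 * references left on the entry beyond the table's own. */
int leaked_refs(int failures, int release_on_error)
{
    struct gid_entry gid = { .refcount = 1 };   /* the table's own reference */
    for (int i = 0; i < failures; i++)
        model_create_ah(&gid, 1, release_on_error);
    struct ah *ok = model_create_ah(&gid, 0, release_on_error);
    if (ok)
        model_destroy_ah(ok);
    return gid.refcount - 1;
}

int main(void)
{
    printf("leaky: %d leaked, fixed: %d leaked\n", leaked_refs(5, 0), leaked_refs(5, 1));
    return 0;
}
```

A nonzero result corresponds to the state the description says is reported when the GID table is released: the entry still has holders that no longer exist.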

Exploitation and Attack Surface

The vulnerability is triggered during the normal creation of an Address Handle, which is a fundamental operation in RDMA communication. An attacker with the ability to induce repeated AH creation failures—for example, by providing invalid parameters or exploiting a race condition—can cause the GID table entry reference count to remain elevated. This does not require special privileges beyond having access to RDMA device operations, but local access is typically needed.

Impact

An attacker who can cause repeated AH creation failures can exhaust the GID table entry reference counters. Once the reference leak is sufficiently large, the GID entry cannot be freed even after legitimate use ends. This may lead to resource exhaustion, preventing new RDMA connections or causing a denial of service (DoS) condition on the affected system. In extreme cases, memory pressure from unreleased entries could impact overall system stability.

Mitigation

The fix has been applied in the Linux kernel stable tree, as seen in commit references [1] and [2]. System administrators should update to a kernel version containing this fix. There is no known workaround other than applying the patch or upgrading the kernel.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 6

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6
