CVE-2023-54028

In the Linux kernel's RDMA/rxe driver, a bug exists in the QP (Queue Pair) creation process. When rxe_create_qp() calls rxe_qp_from_init(), the QP initialization proceeds through several steps, including rxe_init_task which sets up internal structures like spinlocks. However, if an error occurs before rxe_init_task completes, the cleanup routine rxe_cleanup_task is still invoked, attempting to access a spinlock that has not been initialized. This leads to a kernel panic with the error 'trying to register non-static key'.

Exploitation requires triggering a specific error during QP creation before the spinlock initialization. The attacker must have the ability to create QP objects via the RDMA subsystem, which typically requires local access or sufficient privileges to interact with RDMA devices. No network-based attack vector is involved; it is a local vulnerability.

The impact is a system crash (denial of service) due to the kernel panic. The attacker does not gain privilege escalation or data access, but can cause a denial of service condition.

The fix is included in the Linux kernel stable commit referenced in [1]. Users should apply the patch to prevent this issue. The kernel version affected includes those prior to the commit that ensures rxe_cleanup_task is only called if rxe_init_task has been executed.