CVE-2023-54074
Description
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Use correct encap attribute during invalidation
With introduction of post action infrastructure most of the users of encap attribute had been modified in order to obtain the correct attribute by calling mlx5e_tc_get_encap_attr() helper instead of assuming encap action is always on default attribute. However, the cited commit didn't modify mlx5e_invalidate_encap() which prevents it from destroying correct modify header action which leads to a warning [0]. Fix the issue by using correct attribute.
[0]:
Feb 21 09:47:35 c-237-177-40-045 kernel: WARNING: CPU: 17 PID: 654 at drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:684 mlx5e_tc_attach_mod_hdr+0x1cc/0x230 [mlx5_core]
Feb 21 09:47:35 c-237-177-40-045 kernel: RIP: 0010:mlx5e_tc_attach_mod_hdr+0x1cc/0x230 [mlx5_core]
Feb 21 09:47:35 c-237-177-40-045 kernel: Call Trace:
Feb 21 09:47:35 c-237-177-40-045 kernel:
Feb 21 09:47:35 c-237-177-40-045 kernel: mlx5e_tc_fib_event_work+0x8e3/0x1f60 [mlx5_core]
Feb 21 09:47:35 c-237-177-40-045 kernel: ? mlx5e_take_all_encap_flows+0xe0/0xe0 [mlx5_core]
Feb 21 09:47:35 c-237-177-40-045 kernel: ? lock_downgrade+0x6d0/0x6d0
Feb 21 09:47:35 c-237-177-40-045 kernel: ? lockdep_hardirqs_on_prepare+0x273/0x3f0
Feb 21 09:47:35 c-237-177-40-045 kernel: ? lockdep_hardirqs_on_prepare+0x273/0x3f0
Feb 21 09:47:35 c-237-177-40-045 kernel: process_one_work+0x7c2/0x1310
Feb 21 09:47:35 c-237-177-40-045 kernel: ? lockdep_hardirqs_on_prepare+0x3f0/0x3f0
Feb 21 09:47:35 c-237-177-40-045 kernel: ? pwq_dec_nr_in_flight+0x230/0x230
Feb 21 09:47:35 c-237-177-40-045 kernel: ? rwlock_bug.part.0+0x90/0x90
Feb 21 09:47:35 c-237-177-40-045 kernel: worker_thread+0x59d/0xec0
Feb 21 09:47:35 c-237-177-40-045 kernel: ? __kthread_parkme+0xd9/0x1d0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing helper call in the Linux kernel's mlx5e driver causes a warning when invalidating encap entries after post-action infrastructure changes.
Root Cause
The vulnerability is a logic error in the Linux kernel's mlx5e network driver. During the introduction of post-action infrastructure, most code paths that access the encap attribute were updated to use the mlx5e_tc_get_encap_attr() helper to select the correct attribute. However, the function mlx5e_invalidate_encap() was not updated, causing it to always use the default encap attribute instead of the correct one [1].
Exploitation
This bug is triggered during encap invalidation, which occurs when a FIB event (e.g., route change) is processed. The kernel function mlx5e_tc_fib_event_work() calls the invalidation path, and due to the incorrect attribute, the driver attempts to attach a modify header action using the wrong handle. This leads to a kernel warning (WARN_ON) and a stack trace, as shown in the CVE description [1].
Impact
An attacker who can trigger a FIB event-based encap invalidation (e.g., by manipulating network routes) can cause a kernel warning, which may lead to a denial of service (system instability or crash). The warning indicates that the driver is in an inconsistent state, potentially corrupting hardware offload state [1].
Mitigation
The fix is to call mlx5e_tc_get_encap_attr() in mlx5e_invalidate_encap() to use the correct attribute. The patch has been applied to the Linux kernel stable tree [1]. Users should update to a kernel containing this fix.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
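To find hosts that have hit this warning and still need the fixed kernel, collected kernel logs can be searched for the signature in trace [0]: a WARNING raised in mlx5e_tc_attach_mod_hdr with mlx5e_tc_fib_event_work as a reliable caller frame. The following is an added example, not code from this page or from the kernel project; the function name find_encap_invalidation_warnings and the host names in the sample are constructed for illustration.

```python
import re

# Constructed sample in the same syslog layout as trace [0]; host names are made up.
SAMPLE = """\
Feb 21 09:47:35 host-a kernel: WARNING: CPU: 17 PID: 654 at drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:684 mlx5e_tc_attach_mod_hdr+0x1cc/0x230 [mlx5_core]
Feb 21 09:47:35 host-a kernel: Call Trace:
Feb 21 09:47:35 host-a kernel: mlx5e_tc_fib_event_work+0x8e3/0x1f60 [mlx5_core]
Feb 21 09:47:35 host-a kernel: ? mlx5e_take_all_encap_flows+0xe0/0xe0 [mlx5_core]
Feb 21 09:47:35 host-a kernel: process_one_work+0x7c2/0x1310
Feb 21 09:48:02 host-b kernel: WARNING: CPU: 3 PID: 91 at fs/example.c:10 example_fn+0x10/0x20
Feb 21 09:48:02 host-b kernel: process_one_work+0x7c2/0x1310
"""

WARN_FN = "mlx5e_tc_attach_mod_hdr"   # function that raised the warning in [0]
CALLER = "mlx5e_tc_fib_event_work"    # FIB event worker seen in the call trace
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) kernel: ?(?P<msg>.*)$")
WARN = re.compile(r"^WARNING: .* at \S+ (?P<fn>\w[\w.]*)\+0x")
FRAME = re.compile(r"^\s*(?P<guess>\? )?(?P<fn>\w[\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_encap_invalidation_warnings(text):
    """Return sorted host names whose log contains the signature from trace [0]."""
    blocks = []     # every WARNING block seen, in order
    current = {}    # host -> block that is still collecting frames
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, msg = m["host"], m["msg"]
        w = WARN.match(msg)
        if w:  # a new WARNING starts a new block for this host
            current[host] = {"host": host, "fn": w["fn"], "frames": []}
            blocks.append(current[host])
            continue
        f = FRAME.match(msg)
        # Frames prefixed with "? " are unreliable stack guesses; skip them.
        if f and host in current and not f["guess"]:
            current[host]["frames"].append(f["fn"])
    return sorted({b["host"] for b in blocks
                   if b["fn"] == WARN_FN and CALLER in b["frames"]})

if __name__ == "__main__":
    print(find_encap_invalidation_warnings(SAMPLE))
```

A match only shows that the host ran into the warning; a host without a match may still be running an unpatched kernel.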
Affected products
1
Patches
300959a1bad58b8b4292fdd88be071cdb167f
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.