VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2023-54236

CVE-2023-54236

Description

In the Linux kernel, the following vulnerability has been resolved:

net/net_failover: fix txq exceeding warning

The failover txq is inited as 16 queues. when a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary device if the primary device is UP and running. If the primary device txq is bigger than the default 16, it can lead to the following warning: eth0 selects TX queue 18, but real number of TX queues is 16

The warning backtrace is: [ 32.146376] CPU: 18 PID: 9134 Comm: chronyd Tainted: G E 6.2.8-1.el7.centos.x86_64 #1 [ 32.147175] Hardware name: Red Hat KVM, BIOS 1.10.2-3.el7_4.1 04/01/2014 [ 32.147730] Call Trace: [ 32.147971] [ 32.148183] dump_stack_lvl+0x48/0x70 [ 32.148514] dump_stack+0x10/0x20 [ 32.148820] netdev_core_pick_tx+0xb1/0xe0 [ 32.149180] __dev_queue_xmit+0x529/0xcf0 [ 32.149533] ? __check_object_size.part.0+0x21c/0x2c0 [ 32.149967] ip_finish_output2+0x278/0x560 [ 32.150327] __ip_finish_output+0x1fe/0x2f0 [ 32.150690] ip_finish_output+0x2a/0xd0 [ 32.151032] ip_output+0x7a/0x110 [ 32.151337] ? __pfx_ip_finish_output+0x10/0x10 [ 32.151733] ip_local_out+0x5e/0x70 [ 32.152054] ip_send_skb+0x19/0x50 [ 32.152366] udp_send_skb.isra.0+0x163/0x3a0 [ 32.152736] udp_sendmsg+0xba8/0xec0 [ 32.153060] ? __folio_memcg_unlock+0x25/0x60 [ 32.153445] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 32.153854] ? sock_has_perm+0x85/0xa0 [ 32.154190] inet_sendmsg+0x6d/0x80 [ 32.154508] ? inet_sendmsg+0x6d/0x80 [ 32.154838] sock_sendmsg+0x62/0x70 [ 32.155152] ____sys_sendmsg+0x134/0x290 [ 32.155499] ___sys_sendmsg+0x81/0xc0 [ 32.155828] ? _get_random_bytes.part.0+0x79/0x1a0 [ 32.156240] ? ip4_datagram_release_cb+0x5f/0x1e0 [ 32.156649] ? get_random_u16+0x69/0xf0 [ 32.156989] ? __fget_light+0xcf/0x110 [ 32.157326] __sys_sendmmsg+0xc4/0x210 [ 32.157657] ? __sys_connect+0xb7/0xe0 [ 32.157995] ? __audit_syscall_entry+0xce/0x140 [ 32.158388] ? syscall_trace_enter.isra.0+0x12c/0x1a0 [ 32.158820] __x64_sys_sendmmsg+0x24/0x30 [ 32.159171] do_syscall_64+0x38/0x90 [ 32.159493] entry_SYSCALL_64_after_hwframe+0x72/0xdc

Fix that by reducing txq number as the non-existent primary-dev does.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's net_failover driver, a mismatch between the fixed 16 TX queues and a primary device with more queues causes a warning when selecting a TX queue.

Vulnerability

Description

The net_failover driver in the Linux kernel initializes its transmit queue (txq) count to a fixed value of 16. When a packet is transmitted through the failover device, the driver selects the TX queue index returned by the primary device if that device is UP and running. If the primary device has more than 16 TX queues, the selected queue index can exceed 15, triggering a kernel warning: "eth0 selects TX queue 18, but real number of TX queues is 16" [1]. This warning is accompanied by a stack trace, as shown in the CVE description.

Exploitation

Conditions

The vulnerability is triggered during normal network packet transmission over a failover device. No special privileges or authentication are required beyond the ability to send network traffic through the affected interface. The prerequisite is a system configured with net_failover and a primary network device that exposes more than 16 TX queues. This condition can occur with modern high-performance NICs that support multiple transmit queues.

Impact

The primary impact is a kernel warning that floods the system log, potentially causing denial of service through log exhaustion or system instability. The warning itself does not lead to memory corruption or privilege escalation, but it indicates a logic error in queue selection that could, in rare cases, lead to undefined behavior if the out-of-bounds queue index is used for further operations.

Mitigation

The issue has been fixed in the Linux kernel stable tree. Patches are available in commits [1] and [2], which ensure that the failover driver caps the selected queue index to the actual number of TX queues available. Users should apply the latest kernel updates from their distribution to remediate this vulnerability.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

6
105cc2683282
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
f032e125149d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
2d5cebf57296
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
c942f5cd63b7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
44d250c22209
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
e3cbdcb0fbb6
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.