VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2023-54238

CVE-2023-54238

Description

In the Linux kernel, the following vulnerability has been resolved:

mlx5: fix skb leak while fifo resync and push

During ptp resync operation SKBs were poped from the fifo but were never freed neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to properly free SKBs.

Another leak was happening because mlx5e_skb_fifo_has_room() had an error in the check. Comparing free running counters works well unless C promotes the types to something wider than the counter. In this case counters are u16 but the result of the substraction is promouted to int and it causes wrong result (negative value) of the check when producer have already overlapped but consumer haven't yet. Explicit cast to u16 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Two bugs in the Linux kernel's mlx5 driver cause skb leaks during PTP resync: a missing skb free and a signed integer overflow in a fifo room check.

Vulnerability

Analysis

Two distinct bugs in the Linux kernel's mlx5 Ethernet driver lead to socket buffer (skb) leaks during Precision Time Protocol (PTP) resync operations. The first issue is that SKBs popped from the fifo during the resync are never freed; neither napi_consume_skb nor dev_kfree_skb_any is called, causing a memory leak [1].

The second bug lies in the mlx5e_skb_fifo_has_room() function. The check uses subtraction of two u16 free-running counters, but C promotes the result to int. When the producer counter wraps around and the consumer has not yet caught up, the subtraction yields a negative int, incorrectly indicating no room in the fifo. This prevents proper enqueue of new SKBs, leading to further leaks [1].

Impact

An attacker with local access or the ability to trigger PTP resync operations could cause the kernel to leak memory over time, potentially leading to denial of service (system instability or crash) due to exhaustion of kernel memory. No privilege escalation is described.

Mitigation

The fix is included in the Linux kernel stable commit 234cffda95e1 [1]. Users should apply the latest kernel updates from their distribution. No workaround is mentioned.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

3
68504c66d08c
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
e435941b1da1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
234cffda95e1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.