CVE-2023-54318
Description
In the Linux kernel, the following vulnerability has been resolved:
net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add
While doing smcr_port_add, there maybe linkgroup add into or delete from smc_lgr_list.list at the same time, which may result kernel crash. So, use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add.
The crash calltrace show below: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 0 PID: 559726 Comm: kworker/0:92 Kdump: loaded Tainted: G Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014 Workqueue: events smc_ib_port_event_work [smc] RIP: 0010:smcr_port_add+0xa6/0xf0 [smc] RSP: 0000:ffffa5a2c8f67de0 EFLAGS: 00010297 RAX: 0000000000000001 RBX: ffff9935e0650000 RCX: 0000000000000000 RDX: 0000000000000010 RSI: ffff9935e0654290 RDI: ffff9935c8560000 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff9934c0401918 R10: 0000000000000000 R11: ffffffffb4a5c278 R12: ffff99364029aae4 R13: ffff99364029aa00 R14: 00000000ffffffed R15: ffff99364029ab08 FS: 0000000000000000(0000) GS:ffff994380600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000f06a10003 CR4: 0000000002770ef0 PKRU: 55555554 Call Trace: smc_ib_port_event_work+0x18f/0x380 [smc] process_one_work+0x19b/0x340 worker_thread+0x30/0x370 ? process_one_work+0x340/0x340 kthread+0x114/0x130 ? __kthread_cancel_work+0x50/0x50 ret_from_fork+0x1f/0x30
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in the Linux kernel's SMC subsystem can cause a NULL pointer dereference when iterating the link group list without proper locking.
Vulnerability
CVE-2023-54318 is a race condition in the Linux kernel's SMC (Shared Memory Communications) subsystem. The function smcr_port_add iterates over the smc_lgr_list.list without holding the smc_lgr_list.lock, while concurrent link group additions or deletions can modify the same list. This lack of synchronization leads to a NULL pointer dereference when the iteration encounters a corrupted list entry.
Exploitation
The vulnerability is triggered during the processing of a port event workqueue (smc_ib_port_event_work), which calls smcr_port_add. An attacker with the ability to trigger such events (e.g., by manipulating InfiniBand or RoCE port states) could cause the race condition. No special privileges are required beyond access to trigger the event, but the race window is narrow and may require precise timing.
Impact
A successful exploit results in a kernel NULL pointer dereference, leading to a system crash (denial of service). The crash trace shows a BUG: kernel NULL pointer dereference at [1], confirming the immediate impact is system instability. There is no evidence of privilege escalation or data corruption from the provided sources.
Mitigation
The fix is to acquire the smc_lgr_list.lock before iterating the list in smcr_port_add, ensuring mutual exclusion. The patch has been applied to the Linux kernel stable tree `[1] [1] [2]. Users should update to a kernel version containing the fix. No workaround is mentioned.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
5d1c6c93c27a406b4934ab2b570c8d17007dcb717463610a2f5146e3ef0a9Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- git.kernel.org/stable/c/06b4934ab2b534bb92935c7601852066ebb9eab8nvd
- git.kernel.org/stable/c/70c8d17007dc4a07156b7da44509527990e569b3nvd
- git.kernel.org/stable/c/b717463610a27fc0b58484cfead7a623d5913e61nvd
- git.kernel.org/stable/c/d1c6c93c27a4bf48006ab16cd9b38d85559d7645nvd
- git.kernel.org/stable/c/f5146e3ef0a9eea405874b36178c19a4863b8989nvd
News mentions
0No linked articles in our index yet.