{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53509","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-01T11:39:39.405Z","datePublished":"2025-10-01T11:45:58.762Z","dateUpdated":"2026-05-11T19:46:21.126Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:46:21.126Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nqed: allow sleep in qed_mcp_trace_dump()\n\nBy default, qed_mcp_cmd_and_union() delays 10us at a time in a loop\nthat can run 500K times, so calls to qed_mcp_nvm_rd_cmd()\nmay block the current thread for over 5s.\nWe observed thread scheduling delays over 700ms in production,\nwith stacktraces pointing to this code as the culprit.\n\nqed_mcp_trace_dump() is called from ethtool, so sleeping is permitted.\nIt already can sleep in qed_mcp_halt(), which calls qed_mcp_cmd().\nAdd a \"can sleep\" parameter to qed_find_nvram_image() and\nqed_nvram_read() so they can sleep during qed_mcp_trace_dump().\nqed_mcp_trace_get_meta_info() and qed_mcp_trace_read_meta(),\ncalled only by qed_mcp_trace_dump(), allow these functions to sleep.\nI can't tell if the other caller (qed_grc_dump_mcp_hw_dump()) can sleep,\nso keep b_can_sleep set to false when it calls these functions.\n\nAn example stacktrace from a custom warning we added to the kernel\nshowing a thread that has not scheduled despite long needing resched:\n[ 2745.362925,17] ------------[ cut here ]------------\n[ 2745.362941,17] WARNING: CPU: 23 PID: 5640 at arch/x86/kernel/irq.c:233 do_IRQ+0x15e/0x1a0()\n[ 2745.362946,17] Thread not rescheduled for 744 ms after irq 99\n[ 2745.362956,17] Modules linked in: ...\n[ 2745.363339,17] CPU: 23 PID: 5640 Comm: lldpd Tainted: P O 4.4.182+ #202104120910+6d1da174272d.61x\n[ 2745.363343,17] Hardware name: FOXCONN MercuryB/Quicksilver Controller, BIOS H11P1N09 07/08/2020\n[ 2745.363346,17] 0000000000000000 ffff885ec07c3ed8 ffffffff8131eb2f ffff885ec07c3f20\n[ 2745.363358,17] ffffffff81d14f64 ffff885ec07c3f10 ffffffff81072ac2 ffff88be98ed0000\n[ 2745.363369,17] 0000000000000063 0000000000000174 0000000000000074 0000000000000000\n[ 2745.363379,17] Call Trace:\n[ 2745.363382,17] [] dump_stack+0x8e/0xcf\n[ 2745.363393,17] [] warn_slowpath_common+0x82/0xc0\n[ 2745.363398,17] [] warn_slowpath_fmt+0x4c/0x50\n[ 2745.363404,17] [] ? rcu_irq_exit+0xae/0xc0\n[ 2745.363408,17] [] do_IRQ+0x15e/0x1a0\n[ 2745.363413,17] [] common_interrupt+0x89/0x89\n[ 2745.363416,17] [] ? delay_tsc+0x24/0x50\n[ 2745.363425,17] [] __udelay+0x34/0x40\n[ 2745.363457,17] [] qed_mcp_cmd_and_union+0x36f/0x7d0 [qed]\n[ 2745.363473,17] [] qed_mcp_nvm_rd_cmd+0x4d/0x90 [qed]\n[ 2745.363490,17] [] qed_mcp_trace_dump+0x4a7/0x630 [qed]\n[ 2745.363504,17] [] ? qed_fw_asserts_dump+0x1d6/0x1f0 [qed]\n[ 2745.363520,17] [] qed_dbg_mcp_trace_get_dump_buf_size+0x37/0x80 [qed]\n[ 2745.363536,17] [] qed_dbg_feature_size+0x61/0xa0 [qed]\n[ 2745.363551,17] [] qed_dbg_all_data_size+0x247/0x260 [qed]\n[ 2745.363560,17] [] qede_get_regs_len+0x30/0x40 [qede]\n[ 2745.363566,17] [] ethtool_get_drvinfo+0xe3/0x190\n[ 2745.363570,17] [] dev_ethtool+0x1362/0x2140\n[ 2745.363575,17] [] ? finish_task_switch+0x76/0x260\n[ 2745.363580,17] [] ? __schedule+0x3c6/0x9d0\n[ 2745.363585,17] [] ? hrtimer_start_range_ns+0x1d0/0x370\n[ 2745.363589,17] [] ? dev_get_by_name_rcu+0x6b/0x90\n[ 2745.363594,17] [] dev_ioctl+0xe8/0x710\n[ 2745.363599,17] [] sock_do_ioctl+0x48/0x60\n[ 2745.363603,17] [] sock_ioctl+0x1c7/0x280\n[ 2745.363608,17] [] ? seccomp_phase1+0x83/0x220\n[ 2745.363612,17] [] do_vfs_ioctl+0x2b3/0x4e0\n[ 2745.363616,17] [] SyS_ioctl+0x41/0x70\n[ 2745.363619,17] [] entry_SYSCALL_64_fastpath+0x1e/0x79\n[ 2745.363622,17] ---[ end trace f6954aa440266421 ]---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/qlogic/qed/qed_debug.c"],"versions":[{"version":"c965db44462919f613973aa618271f6c3f5a1e64","lessThan":"e0387f4f39a8d92302273ac356d1f6b2a38160d8","status":"affected","versionType":"git"},{"version":"c965db44462919f613973aa618271f6c3f5a1e64","lessThan":"50c81b35df01db12b348c5cbf4b1917dc9a7db54","status":"affected","versionType":"git"},{"version":"c965db44462919f613973aa618271f6c3f5a1e64","lessThan":"5401c3e0992860b11fb4b25796e4c4f1921740df","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/qlogic/qed/qed_debug.c"],"versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","status":"unaffected","versionType":"semver"},{"version":"6.0.19","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.5","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.0.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.1.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e0387f4f39a8d92302273ac356d1f6b2a38160d8"},{"url":"https://git.kernel.org/stable/c/50c81b35df01db12b348c5cbf4b1917dc9a7db54"},{"url":"https://git.kernel.org/stable/c/5401c3e0992860b11fb4b25796e4c4f1921740df"}],"title":"qed: allow sleep in qed_mcp_trace_dump()","x_generator":{"engine":"bippy-1.2.0"}}}}