{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54292","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-30T12:06:44.527Z","datePublished":"2025-12-30T12:23:30.419Z","dateUpdated":"2026-05-11T19:59:08.490Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:59:08.490Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix data race on CQP request done\n\nKCSAN detects a data race on cqp_request->request_done memory location\nwhich is accessed locklessly in irdma_handle_cqp_op while being\nupdated in irdma_cqp_ce_handler.\n\nAnnotate lockless intent with READ_ONCE/WRITE_ONCE to avoid any\ncompiler optimizations like load fusing and/or KCSAN warning.\n\n[222808.417128] BUG: KCSAN: data-race in irdma_cqp_ce_handler [irdma] / irdma_wait_event [irdma]\n\n[222808.417532] write to 0xffff8e44107019dc of 1 bytes by task 29658 on cpu 5:\n[222808.417610]  irdma_cqp_ce_handler+0x21e/0x270 [irdma]\n[222808.417725]  cqp_compl_worker+0x1b/0x20 [irdma]\n[222808.417827]  process_one_work+0x4d1/0xa40\n[222808.417835]  worker_thread+0x319/0x700\n[222808.417842]  kthread+0x180/0x1b0\n[222808.417852]  ret_from_fork+0x22/0x30\n\n[222808.417918] read to 0xffff8e44107019dc of 1 bytes by task 29688 on cpu 1:\n[222808.417995]  irdma_wait_event+0x1e2/0x2c0 [irdma]\n[222808.418099]  irdma_handle_cqp_op+0xae/0x170 [irdma]\n[222808.418202]  irdma_cqp_cq_destroy_cmd+0x70/0x90 [irdma]\n[222808.418308]  irdma_puda_dele_rsrc+0x46d/0x4d0 [irdma]\n[222808.418411]  irdma_rt_deinit_hw+0x179/0x1d0 [irdma]\n[222808.418514]  irdma_ib_dealloc_device+0x11/0x40 [irdma]\n[222808.418618]  ib_dealloc_device+0x2a/0x120 [ib_core]\n[222808.418823]  __ib_unregister_device+0xde/0x100 [ib_core]\n[222808.418981]  ib_unregister_device+0x22/0x40 [ib_core]\n[222808.419142]  irdma_ib_unregister_device+0x70/0x90 [irdma]\n[222808.419248]  i40iw_close+0x6f/0xc0 [irdma]\n[222808.419352]  i40e_client_device_unregister+0x14a/0x180 [i40e]\n[222808.419450]  i40iw_remove+0x21/0x30 [irdma]\n[222808.419554]  auxiliary_bus_remove+0x31/0x50\n[222808.419563]  device_remove+0x69/0xb0\n[222808.419572]  device_release_driver_internal+0x293/0x360\n[222808.419582]  driver_detach+0x7c/0xf0\n[222808.419592]  bus_remove_driver+0x8c/0x150\n[222808.419600]  driver_unregister+0x45/0x70\n[222808.419610]  auxiliary_driver_unregister+0x16/0x30\n[222808.419618]  irdma_exit_module+0x18/0x1e [irdma]\n[222808.419733]  __do_sys_delete_module.constprop.0+0x1e2/0x310\n[222808.419745]  __x64_sys_delete_module+0x1b/0x30\n[222808.419755]  do_syscall_64+0x39/0x90\n[222808.419763]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n[222808.419829] value changed: 0x01 -> 0x03"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/hw/irdma/hw.c","drivers/infiniband/hw/irdma/main.h","drivers/infiniband/hw/irdma/utils.c"],"versions":[{"version":"915cc7ac0f8e2a23675ee896e87f17c7d3c47089","lessThan":"c5b5dbcbf91f769b8eb25f88e32a1522f920f37a","status":"affected","versionType":"git"},{"version":"915cc7ac0f8e2a23675ee896e87f17c7d3c47089","lessThan":"5986e96be7d0b82e50a9c6b019ea3f1926fd8764","status":"affected","versionType":"git"},{"version":"915cc7ac0f8e2a23675ee896e87f17c7d3c47089","lessThan":"b8b90ba636e3861665aef9a3eab5fcf92839a2c5","status":"affected","versionType":"git"},{"version":"915cc7ac0f8e2a23675ee896e87f17c7d3c47089","lessThan":"f0842bb3d38863777e3454da5653d80b5fde6321","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/hw/irdma/hw.c","drivers/infiniband/hw/irdma/main.h","drivers/infiniband/hw/irdma/utils.c"],"versions":[{"version":"5.14","status":"affected"},{"version":"0","lessThan":"5.14","status":"unaffected","versionType":"semver"},{"version":"5.15.124","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.43","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.8","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"5.15.124"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.1.43"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.4.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c5b5dbcbf91f769b8eb25f88e32a1522f920f37a"},{"url":"https://git.kernel.org/stable/c/5986e96be7d0b82e50a9c6b019ea3f1926fd8764"},{"url":"https://git.kernel.org/stable/c/b8b90ba636e3861665aef9a3eab5fcf92839a2c5"},{"url":"https://git.kernel.org/stable/c/f0842bb3d38863777e3454da5653d80b5fde6321"}],"title":"RDMA/irdma: Fix data race on CQP request done","x_generator":{"engine":"bippy-1.2.0"}}}}