{"api_version":"1","generated_at":"2026-04-22T23:09:08+00:00","cve":"CVE-2023-53525","urls":{"html":"https://cve.report/CVE-2023-53525","api":"https://cve.report/api/cve/CVE-2023-53525.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-53525","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-53525"},"summary":{"title":"RDMA/cma: Allow UD qp_type to join multicast only","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Allow UD qp_type to join multicast only\n\nAs for multicast:\n- The SIDR is the only mode that makes sense;\n- Besides PS_UDP, other port spaces like PS_IB is also allowed, as it is\n  UD compatible. In this case qkey also needs to be set [1].\n\nThis patch allows only UD qp_type to join multicast, and set qkey to\ndefault if it's not set, to fix an uninit-value error: the ib->rec.qkey\nfield is accessed without being initialized.\n\n=====================================================\nBUG: KMSAN: uninit-value in cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\nBUG: KMSAN: uninit-value in cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\n cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\n cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\n cma_iboe_join_multicast drivers/infiniband/core/cma.c:4782 [inline]\n rdma_join_multicast+0x2b83/0x30a0 drivers/infiniband/core/cma.c:4814\n ucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\n ucma_join_multicast+0x1e3/0x250 drivers/infiniband/core/ucma.c:1546\n ucma_write+0x639/0x6d0 drivers/infiniband/core/ucma.c:1732\n vfs_write+0x8ce/0x2030 fs/read_write.c:588\n ksys_write+0x28c/0x520 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __ia32_sys_write+0xdb/0x120 fs/read_write.c:652\n do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]\n __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180\n do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205\n do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248\n entry_SYSENTER_compat_after_hwframe+0x4d/0x5c\n\nLocal variable ib.i created at:\ncma_iboe_join_multicast drivers/infiniband/core/cma.c:4737 [inline]\nrdma_join_multicast+0x586/0x30a0 drivers/infiniband/core/cma.c:4814\nucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\n\nCPU: 0 PID: 29874 Comm: syz-executor.3 Not tainted 5.16.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n=====================================================\n\n[1] https://lore.kernel.org/linux-rdma/20220117183832.GD84788@nvidia.com/","state":"PUBLISHED","assigner":"Linux","published_at":"2025-10-01 12:15:57","updated_at":"2026-04-06 13:23:37"},"problem_types":["CWE-908"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/02eabb635bc64bd1e3a7cf887d6d182bffb64b99","name":"https://git.kernel.org/stable/c/02eabb635bc64bd1e3a7cf887d6d182bffb64b99","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/bb18b9dbac2bbdf7695e0bfaac4bf944ff7b207d","name":"https://git.kernel.org/stable/c/bb18b9dbac2bbdf7695e0bfaac4bf944ff7b207d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/48e8e7851dc0b1584d83817a78fc7108c8904b54","name":"https://git.kernel.org/stable/c/48e8e7851dc0b1584d83817a78fc7108c8904b54","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/58e84f6b3e84e46524b7e5a916b53c1ad798bc8f","name":"https://git.kernel.org/stable/c/58e84f6b3e84e46524b7e5a916b53c1ad798bc8f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ae11498851423d6de27aebfe12a5ee85060ab1d5","name":"https://git.kernel.org/stable/c/ae11498851423d6de27aebfe12a5ee85060ab1d5","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-53525","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53525","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b5de0c60cc30c2a3513c7188c73f3f29acc29234 ae11498851423d6de27aebfe12a5ee85060ab1d5 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b5de0c60cc30c2a3513c7188c73f3f29acc29234 48e8e7851dc0b1584d83817a78fc7108c8904b54 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b5de0c60cc30c2a3513c7188c73f3f29acc29234 02eabb635bc64bd1e3a7cf887d6d182bffb64b99 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b5de0c60cc30c2a3513c7188c73f3f29acc29234 bb18b9dbac2bbdf7695e0bfaac4bf944ff7b207d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b5de0c60cc30c2a3513c7188c73f3f29acc29234 58e84f6b3e84e46524b7e5a916b53c1ad798bc8f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected b8d1adbff983be0b54f61c9a4169609d7fab0620 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected feed39c8d1282279fcb30612aa0e8d2635c11280 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.10","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.178 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.108 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.25 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.2.12 6.2.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.3 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"53525","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/infiniband/core/cma.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"ae11498851423d6de27aebfe12a5ee85060ab1d5","status":"affected","version":"b5de0c60cc30c2a3513c7188c73f3f29acc29234","versionType":"git"},{"lessThan":"48e8e7851dc0b1584d83817a78fc7108c8904b54","status":"affected","version":"b5de0c60cc30c2a3513c7188c73f3f29acc29234","versionType":"git"},{"lessThan":"02eabb635bc64bd1e3a7cf887d6d182bffb64b99","status":"affected","version":"b5de0c60cc30c2a3513c7188c73f3f29acc29234","versionType":"git"},{"lessThan":"bb18b9dbac2bbdf7695e0bfaac4bf944ff7b207d","status":"affected","version":"b5de0c60cc30c2a3513c7188c73f3f29acc29234","versionType":"git"},{"lessThan":"58e84f6b3e84e46524b7e5a916b53c1ad798bc8f","status":"affected","version":"b5de0c60cc30c2a3513c7188c73f3f29acc29234","versionType":"git"},{"status":"affected","version":"b8d1adbff983be0b54f61c9a4169609d7fab0620","versionType":"git"},{"status":"affected","version":"feed39c8d1282279fcb30612aa0e8d2635c11280","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/infiniband/core/cma.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"5.10"},{"lessThan":"5.10","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.178","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.108","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.25","versionType":"semver"},{"lessThanOrEqual":"6.2.*","status":"unaffected","version":"6.2.12","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.3","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.178","versionStartIncluding":"5.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.108","versionStartIncluding":"5.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.25","versionStartIncluding":"5.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.12","versionStartIncluding":"5.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.3","versionStartIncluding":"5.10","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.2","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Allow UD qp_type to join multicast only\n\nAs for multicast:\n- The SIDR is the only mode that makes sense;\n- Besides PS_UDP, other port spaces like PS_IB is also allowed, as it is\n  UD compatible. In this case qkey also needs to be set [1].\n\nThis patch allows only UD qp_type to join multicast, and set qkey to\ndefault if it's not set, to fix an uninit-value error: the ib->rec.qkey\nfield is accessed without being initialized.\n\n=====================================================\nBUG: KMSAN: uninit-value in cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\nBUG: KMSAN: uninit-value in cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\n cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\n cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\n cma_iboe_join_multicast drivers/infiniband/core/cma.c:4782 [inline]\n rdma_join_multicast+0x2b83/0x30a0 drivers/infiniband/core/cma.c:4814\n ucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\n ucma_join_multicast+0x1e3/0x250 drivers/infiniband/core/ucma.c:1546\n ucma_write+0x639/0x6d0 drivers/infiniband/core/ucma.c:1732\n vfs_write+0x8ce/0x2030 fs/read_write.c:588\n ksys_write+0x28c/0x520 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __ia32_sys_write+0xdb/0x120 fs/read_write.c:652\n do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]\n __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180\n do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205\n do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248\n entry_SYSENTER_compat_after_hwframe+0x4d/0x5c\n\nLocal variable ib.i created at:\ncma_iboe_join_multicast drivers/infiniband/core/cma.c:4737 [inline]\nrdma_join_multicast+0x586/0x30a0 drivers/infiniband/core/cma.c:4814\nucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\n\nCPU: 0 PID: 29874 Comm: syz-executor.3 Not tainted 5.16.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n=====================================================\n\n[1] https://lore.kernel.org/linux-rdma/20220117183832.GD84788@nvidia.com/"}],"providerMetadata":{"dateUpdated":"2025-10-01T11:46:11.188Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/ae11498851423d6de27aebfe12a5ee85060ab1d5"},{"url":"https://git.kernel.org/stable/c/48e8e7851dc0b1584d83817a78fc7108c8904b54"},{"url":"https://git.kernel.org/stable/c/02eabb635bc64bd1e3a7cf887d6d182bffb64b99"},{"url":"https://git.kernel.org/stable/c/bb18b9dbac2bbdf7695e0bfaac4bf944ff7b207d"},{"url":"https://git.kernel.org/stable/c/58e84f6b3e84e46524b7e5a916b53c1ad798bc8f"}],"title":"RDMA/cma: Allow UD qp_type to join multicast only","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2023-53525","datePublished":"2025-10-01T11:46:11.188Z","dateReserved":"2025-10-01T11:39:39.407Z","dateUpdated":"2025-10-01T11:46:11.188Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2025-10-01 12:15:57","lastModifiedDate":"2026-04-06 13:23:37","problem_types":["CWE-908"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.17","versionEndExcluding":"5.9","matchCriteriaId":"BEFC3ACE-365D-48E7-9C0A-019C74CC0725"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.2","versionEndExcluding":"5.10.178","matchCriteriaId":"5FBFBAE2-EA3D-4686-ABC2-C23DC5C8E7DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.108","matchCriteriaId":"12E7A5F9-38FA-429F-A165-975A914E6666"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.25","matchCriteriaId":"A6E5D96B-E06F-4EB1-B0AA-BB8F5E9187E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.2.12","matchCriteriaId":"4AA01E0B-227C-4686-AC91-BA30BCC48E6D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*","matchCriteriaId":"B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*","matchCriteriaId":"A47F0FC3-CE52-4BA1-BA51-22F783938431"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*","matchCriteriaId":"3583026A-27EC-4A4C-850A-83F2AF970673"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:*","matchCriteriaId":"DC271202-7570-4505-89A4-D602D47BFD00"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.3:rc5:*:*:*:*:*:*","matchCriteriaId":"D413BB6D-4F74-4C7D-9163-47786619EF53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.3:rc6:*:*:*:*:*:*","matchCriteriaId":"F4D613FB-9976-4989-8C4A-567773373CEA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"53525","Ordinal":"1","Title":"RDMA/cma: Allow UD qp_type to join multicast only","CVE":"CVE-2023-53525","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"53525","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Allow UD qp_type to join multicast only\n\nAs for multicast:\n- The SIDR is the only mode that makes sense;\n- Besides PS_UDP, other port spaces like PS_IB is also allowed, as it is\n  UD compatible. In this case qkey also needs to be set [1].\n\nThis patch allows only UD qp_type to join multicast, and set qkey to\ndefault if it's not set, to fix an uninit-value error: the ib->rec.qkey\nfield is accessed without being initialized.\n\n=====================================================\nBUG: KMSAN: uninit-value in cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\nBUG: KMSAN: uninit-value in cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\n cma_set_qkey drivers/infiniband/core/cma.c:510 [inline]\n cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570\n cma_iboe_join_multicast drivers/infiniband/core/cma.c:4782 [inline]\n rdma_join_multicast+0x2b83/0x30a0 drivers/infiniband/core/cma.c:4814\n ucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\n ucma_join_multicast+0x1e3/0x250 drivers/infiniband/core/ucma.c:1546\n ucma_write+0x639/0x6d0 drivers/infiniband/core/ucma.c:1732\n vfs_write+0x8ce/0x2030 fs/read_write.c:588\n ksys_write+0x28c/0x520 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __ia32_sys_write+0xdb/0x120 fs/read_write.c:652\n do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]\n __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180\n do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205\n do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248\n entry_SYSENTER_compat_after_hwframe+0x4d/0x5c\n\nLocal variable ib.i created at:\ncma_iboe_join_multicast drivers/infiniband/core/cma.c:4737 [inline]\nrdma_join_multicast+0x586/0x30a0 drivers/infiniband/core/cma.c:4814\nucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479\n\nCPU: 0 PID: 29874 Comm: syz-executor.3 Not tainted 5.16.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n=====================================================\n\n[1] https://lore.kernel.org/linux-rdma/20220117183832.GD84788@nvidia.com/","Type":"Description","Title":"RDMA/cma: Allow UD qp_type to join multicast only"}]}}}