CVE-2023-54201

EUVD-2023-60440

30.12.2025, 13:16

In the Linux kernel, the following vulnerability has been resolved:

RDMA/efa: Fix wrong resources deallocation order

When trying to destroy QP or CQ, we first decrease the refcount and
potentially free memory regions allocated for the object and then
request the device to destroy the object. If the device fails, the
object isn't fully destroyed so the user/IB core can try to destroy the
object again which will lead to underflow when trying to decrease an
already zeroed refcount.

Deallocate resources in reverse order of allocating them to safely free
them.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	6.17.13-1 fixed
sid	6.17.13-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed

References

https://git.kernel.org/stable/c/24f9884971f9b34915b67baacf7350a3f6f19ea4

https://git.kernel.org/stable/c/cf38960386f3cc4abf395e556af915e4babcafd2

https://git.kernel.org/stable/c/dc202c57e9a1423aed528e4b8dc949509cd32191

https://git.kernel.org/stable/c/e79db2f51a564fd4daa3e508b987df5e81c34b20