Bug 2424968 (CVE-2023-54030)

Summary: CVE-2023-54030 kernel: io_uring/net: don't overflow multishot recv
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's io_uring subsystem. When using multishot receive operations, completion queue entries (CQEs) can overflow without proper limits. This can lead to excessive memory consumption, performance degradation, and in worst cases, an out-of-memory (OOM) condition for the affected task.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-24 12:04:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

io_uring/net: don't overflow multishot recv

Don't allow overflowing multishot recv CQEs, it might get out of
hand, hurt performance, and in the worst case scenario OOM the task.
Comment 1 Alexander B 2025-12-25 12:10:01 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122436-CVE-2023-54030-e7f3@gregkh/T