Bug 2424992 (CVE-2023-54040)

Summary: CVE-2023-54040 kernel: Linux kernel: Denial of Service due to incorrect FDIR filter fallback logic
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel. Incorrect fallback logic within the FDIR (Flow Director) filter handling of the 'ice' network driver can occur when adding a filter. A local attacker with low privileges could exploit this flaw, leading to a memory leak. This memory leak could eventually result in a Denial of Service (DoS) condition on the system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-24 12:06:37 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ice: fix wrong fallback logic for FDIR

When adding a FDIR filter, if ice_vc_fdir_set_irq_ctx returns failure,
the inserted fdir entry will not be removed and if ice_vc_fdir_write_fltr
returns failure, the fdir context info for irq handler will not be cleared
which may lead to inconsistent or memory leak issue. This patch refines
failure cases to resolve this issue.
Comment 1 Alexander B 2025-12-25 10:24:21 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122440-CVE-2023-54040-83dd@gregkh/T