Bug 2454840 (CVE-2026-23441) - CVE-2026-23441 kernel: net/mlx5e: Prevent concurrent access to IPSec ASO context
Summary: CVE-2026-23441 kernel: net/mlx5e: Prevent concurrent access to IPSec ASO context
Keywords:
Status: NEW
Alias: CVE-2026-23441
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-03 16:03 UTC by OSIDB Bzimport
Modified: 2026-04-03 18:12 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-03 16:03:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Prevent concurrent access to IPSec ASO context

The query or updating IPSec offload object is through Access ASO WQE.
The driver uses a single mlx5e_ipsec_aso struct for each PF, which
contains a shared DMA-mapped context for all ASO operations.

A race condition exists because the ASO spinlock is released before
the hardware has finished processing WQE. If a second operation is
initiated immediately after, it overwrites the shared context in the
DMA area.

When the first operation's completion is processed later, it reads
this corrupted context, leading to unexpected behavior and incorrect
results.

This commit fixes the race by introducing a private context within
each IPSec offload object. The shared ASO context is now copied to
this private context while the ASO spinlock is held. Subsequent
processing uses this saved, per-object context, ensuring its integrity
is maintained.
Comment 1 Jon Moroney 2026-04-03 18:09:05 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026040313-CVE-2026-23441-b47e@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.