{ "schema_version": "1.4.0", "id": "GHSA-89x9-fp8h-wm3w", "modified": "2025-09-18T15:30:34Z", "published": "2025-09-18T15:30:34Z", "aliases": [ "CVE-2023-53398" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlx5: fix possible ptp queue fifo use-after-free\n\nFifo indexes are not checked during pop operations and it leads to\npotential use-after-free when popping from empty queue. Such case was\npossible during re-sync action. WARN_ON_ONCE covers future cases.\n\nThere were out-of-order cqe spotted which led to drain of the queue and\nuse-after-free because of lack of fifo pointers check. Special check and\ncounter are added to avoid resync operation if SKB could not exist in the\nfifo because of OOO cqe (skb_id must be between consumer and producer\nindex).", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53398" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/3a50cf1e8e5157b82268eee7e330dbe5736a0948" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/52e6e7a0bc04c85012a9251c7cf2d444a77eb966" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/6afdedc4e66e3846ce497744f01b95c34bf39d21" } ], "database_specific": { "cwe_ids": [], "severity": null, "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-09-18T14:15:43Z" } }