What is CVE-2023-54318?

CVE-2023-54318 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.8 onward and patched in 5.10.195, 5.15.132, 6.1.54 and others. CVE-2023-54318 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54318?

CVE-2023-54318 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54318?

Yes, CVE-2023-54318 has been patched. Fixed versions include 5.10.195, 5.15.132, 6.1.54 and others. If you are running Linux kernel 5.8 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54318 actively exploited?

CVE-2023-54318 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54318

In the Linux kernel, the following vulnerability has been resolved: net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add While doing smcr_port_add, there maybe linkgroup add into or delete from smc_lgr_list.list at the same time, which may result kernel crash. So, use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add. The crash calltrace show below: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 0 PID: 559726 Comm: kworker/0:92 Kdump: loaded Tainted: G Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014 Workqueue: events smc_ib_port_event_work [smc] RIP: 0010:smcr_port_add+0xa6/0xf0 [smc] RSP: 0000:ffffa5a2c8f67de0 EFLAGS: 00010297 RAX: 0000000000000001 RBX: ffff9935e0650000 RCX: 0000000000000000 RDX: 0000000000000010 RSI: ffff9935e0654290 RDI: ffff9935c8560000 RBP: 0000000000000000 R08: 0000000000000000 R09: ffff9934c0401918 R10: 0000000000000000 R11: ffffffffb4a5c278 R12: ffff99364029aae4 R13: ffff99364029aa00 R14: 00000000ffffffed R15: ffff99364029ab08 FS: 0000000000000000(0000) GS:ffff994380600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000f06a10003 CR4: 0000000002770ef0 PKRU: 55555554 Call Trace: smc_ib_port_event_work+0x18f/0x380 [smc] process_one_work+0x19b/0x340 worker_thread+0x30/0x370 ? process_one_work+0x340/0x340 kthread+0x114/0x130 ? __kthread_cancel_work+0x50/0x50 ret_from_fork+0x1f/0x30

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.8 and later are affected. Fixed in 5.10.195, 5.15.132, 6.1.54, 6.5.4, 6.6 and their respective stable series.

Affected from

≥ 5.8

Fixed in

✓ 5.10.195 5.10.x ✓ 5.15.132 5.15.x ✓ 6.1.54 6.1.x ✓ 6.5.4 6.5.x ✓ 6.6

References

The following references provide additional information about CVE-2023-54318 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/06b4934ab2b534bb92935c7601852066ebb9eab8
Patch
Kernel patch commit
https://git.kernel.org/stable/c/70c8d17007dc4a07156b7da44509527990e569b3
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b717463610a27fc0b58484cfead7a623d5913e61
Patch

5 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54318?

CVE-2023-54318 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.8 onward and has been patched in 5.10.195, 5.15.132, 6.1.54 and others. CVE-2023-54318 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54318?

Yes — CVE-2023-54318 has been patched. Fixed versions include 5.10.195, 5.15.132, 6.1.54 and others. If you are running Linux kernel 5.8 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54318 actively exploited?

No — CVE-2023-54318 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.