CVE-2023-53114: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix kernel crash during reboot when adapter is in recovery mode

If the driver detects during probe that firmware is in recovery mode then i40e_init_recovery_mode() is called and the rest of probe function is skipped including pci_set_drvdata(). Subsequent i40e_shutdown() called during shutdown/reboot dereferences NULL pointer as pci_get_drvdata() returns NULL.

To fix, call pci_set_drvdata() also during entering to recovery mode.

Reproducer:
1) Let's have i40e NIC with firmware in recovery mode
2) Run reboot

Result:
[ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver
[ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation.
[ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality.
[ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.
[ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]
[ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0
[ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality.
[ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.
[ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]
[ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0
...
[ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2
[ 156.318330] #PF: supervisor write access in kernel mode
[ 156.323546] #PF: error_code(0x0002) - not-present page
[ 156.328679] PGD 0 P4D 0
[ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI
[ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1
[ 156.343126] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022
[ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e]
[ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 <f0> 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00
[ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282
[ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001
[ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000
[ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40
[ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000
[ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000
[ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000
[ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0
[ 156.438944] PKRU: 55555554
[ 156.441647] Call Trace:
[ 156.444096] <TASK>
[ 156.446199] pci_device_shutdown+0x38/0x60
[ 156.450297] device_shutdown+0x163/0x210
[ 156.454215] kernel_restart+0x12/0x70
[ 156.457872] __do_sys_reboot+0x1ab/0x230
[ 156.461789] ? vfs_writev+0xa6/0x1a0
[ 156.465362] ? __pfx_file_free_rcu+0x10/0x10
[ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0
[ 156.475034] do_syscall_64+0x3e/0x90
[ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 156.483658] RIP: 0033:0x7fe7bff37ab7
AI Analysis
Technical Summary
CVE-2023-53114 is a vulnerability in the Linux kernel's i40e driver, which supports Intel(R) Ethernet Connection XL710 network adapters. The flaw arises when the adapter firmware is in recovery mode at the time the driver probes the device. Normally, the driver stores its device-specific data with pci_set_drvdata() during initialization. If the firmware is detected in recovery mode, however, the driver calls i40e_init_recovery_mode() and skips the rest of the probe function, including that call. Later, during system shutdown or reboot, i40e_shutdown() calls pci_get_drvdata() expecting valid data but receives a NULL pointer. Dereferencing it causes a kernel crash (kernel oops) and therefore a denial of service (DoS) condition. The issue is triggered by rebooting a system with an i40e NIC whose firmware is in recovery mode. The root cause is the missing pci_set_drvdata() call when entering recovery mode, and the fix ensures this call is made in recovery mode as well.

The vulnerability affects Linux kernel versions containing the vulnerable i40e driver code prior to the fix. Exploitation requires the NIC firmware to be in recovery mode, which may occur due to firmware issues or hardware faults. The crash occurs during reboot or shutdown sequences, potentially causing system instability or failure to reboot properly. There are no known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability impacts system availability: the kernel crashes and the reboot fails when the NIC is in recovery mode.
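The probe/shutdown ordering described above, as an added user-space model in C (not the i40e driver's source and not part of the original advisory). Every model_* name is hypothetical, the `fixed` parameter switches between the unpatched and patched recovery path, and placing the written field at offset 0x6c2 is an assumption taken from the faulting address in the oops.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* User-space model only: every model_* name is a hypothetical stand-in. */
struct model_pf {
    unsigned char pad[0x6c2]; /* assumption: puts 'flags' at the oops address */
    unsigned char flags;
};
struct model_pdev {
    void *drvdata;   /* slot behind pci_set_drvdata()/pci_get_drvdata() */
    int fw_recovery; /* constructed input: firmware is in recovery mode */
};

static void model_init_recovery_mode(struct model_pdev *pdev,
                                     struct model_pf *pf, int fixed)
{
    if (fixed)
        pdev->drvdata = pf; /* the fix: set drvdata on the recovery path too */
}

struct model_pf *model_probe(struct model_pdev *pdev, int fixed)
{
    struct model_pf *pf = calloc(1, sizeof(*pf));
    if (!pf)
        return NULL;
    pdev->drvdata = NULL;
    if (pdev->fw_recovery) {
        model_init_recovery_mode(pdev, pf, fixed);
        return pf; /* the rest of probe is skipped */
    }
    pdev->drvdata = pf; /* normal path: drvdata is set later in probe */
    return pf;
}

/* Address of the first write in shutdown: base pointer + field offset. */
uintptr_t model_shutdown_write_addr(const struct model_pdev *pdev)
{
    return (uintptr_t)pdev->drvdata + offsetof(struct model_pf, flags);
}

/* Returns -1 where the unpatched driver, lacking this check, would oops. */
int model_shutdown(struct model_pdev *pdev)
{
    struct model_pf *pf = pdev->drvdata;
    if (!pf)
        return -1;
    pf->flags |= 0x04;
    return 0;
}
```

With `fixed = 0` and recovery mode set, shutdown sees a NULL private pointer and its first write would land at 0x6c2, the address reported in the log; with `fixed = 1` the same sequence completes.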
Potential Impact
For European organizations, this vulnerability poses a risk primarily to servers and infrastructure using Intel XL710 network adapters running vulnerable Linux kernels. The impact is a denial of service due to kernel crashes during reboot or shutdown if the NIC firmware enters recovery mode. This can disrupt critical services, especially in data centers, cloud environments, and enterprise networks relying on these NICs for high-speed connectivity. The inability to reboot cleanly can delay maintenance, patching, or recovery operations, increasing downtime. While it does not directly compromise confidentiality or integrity, the availability impact can affect business continuity and operational reliability. Organizations with automated reboot or update processes may face repeated failures, complicating system management. Since exploitation requires the NIC firmware to be in recovery mode, the risk is somewhat limited to hardware or firmware fault scenarios but remains significant for affected hardware deployments.
Mitigation Recommendations
1. Apply the vendor-provided Linux kernel patch that fixes the i40e driver to ensure pci_set_drvdata() is called during recovery mode initialization.
2. Monitor NIC firmware health and update firmware to the latest stable versions to reduce the chance of entering recovery mode.
3. Implement hardware monitoring and alerting for NIC firmware recovery mode states to proactively detect issues.
4. For critical systems, consider fallback network interfaces or redundant NICs to maintain connectivity if one adapter enters recovery mode.
5. Test reboot and shutdown procedures in controlled environments after patching to confirm stability.
6. Coordinate with hardware vendors for firmware updates and support to prevent firmware faults triggering recovery mode.
7. Avoid rebooting systems with NICs known to be in recovery mode until the issue is resolved to prevent kernel crashes.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-05-02T15:51:43.554Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9830c4522896dcbe703c
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/1/2025, 4:39:32 AM
Last updated: 7/31/2025, 6:16:06 PM