CVE-2023-53595
📋 TL;DR
A NULL pointer dereference in the Linux kernel's octeontx2-pf driver (Marvell OcteonTX2-family network adapters) crashes the kernel when a system is rebooted while a MACsec interface is configured on one of these adapters. The fault is in the driver's MACsec offload teardown path (the cn10k_mdo_* callbacks), so only hosts that use these adapters with MACsec enabled are affected; the result is a denial of service during the shutdown/reboot sequence.
💻 Affected Systems
- Linux kernel with octeontx2-pf driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
A kernel panic part-way through shutdown or reboot. Filesystems that have not yet been unmounted at that point are left unclean, and unless the kernel is configured to reboot on panic (a non-zero kernel.panic sysctl timeout) the host hangs at the panic, so a remote system needs console or out-of-band access to be brought back.
Likely Case
Kernel panic and system crash when rebooting with MACsec interfaces configured, resulting in denial of service.
If Mitigated
No impact if MACsec is not used or the system is not rebooted with MACsec interfaces active.
🎯 Exploit Status
Triggering the crash requires creating a MACsec interface (CAP_NET_ADMIN) and then rebooting the host (CAP_SYS_BOOT), both root-level privileges whose holder can already take the system down. This page records no remote or unprivileged trigger; treat it as an availability bug that routine operations (a normal reboot of a MACsec-enabled host) will hit, rather than as an escalation vector.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any kernel build that contains one of the fix commits (the same fix as carried on the different kernel branches): 1152c0f947b76e7731e039185cbd00fdb4389f00, 13ff119b17e5e2916435ce01a0156c8698ad9e16, 699af748c61574125d269db260dabbe20436d74e, or a3dcc45eca017fca82ac47dbde6f41af960657e5
Vendor Advisory: https://git.kernel.org/stable/c/1152c0f947b76e7731e039185cbd00fdb4389f00
Restart Required: Yes
Instructions:
1. Update the kernel to a build that contains one of the fix commits listed above (for distribution kernels, install the updated kernel package with the package manager).
2. Before rebooting into it, delete any MACsec interfaces on OcteonTX2 adapters (see the workaround below): the reboot that loads the fixed kernel is itself performed by the still-vulnerable kernel and can hit this crash.
3. Reboot to load the new kernel.
🔧 Temporary Workarounds
Disable MACsec interfaces before reboot
Delete the MACsec interfaces that sit on OcteonTX2 adapters before issuing the reboot, or avoid using MACsec on those adapters until the fixed kernel is installed:
ip link delete macsec0
If a service manages the MACsec link (for example a wpa_supplicant MKA instance or a network-manager profile), stop that service first so it does not recreate the interface before the reboot proceeds.
🧯 If You Can't Patch
- Avoid creating MACsec interfaces on OcteonTX2 network adapters
- Use alternative network adapters for MACsec functionality if available
🔍 How to Verify
Check if Vulnerable:
Check whether the host has an OcteonTX2 adapter bound to the octeontx2-pf driver (module rvu_nicpf): lsmod | grep rvu_nicpf, or ethtool -i <iface> and look for driver: rvu_nicpf (lspci | grep -i marvell on its own matches any Marvell device, not only these NICs). Then check whether a MACsec interface sits on such an adapter: ip link show type macsec (the parent interface appears after the @ in the link name).
Check Version:
uname -r
Verify Fix Applied:
uname -r prints only the version string, never commit hashes, so compare it against the first release of your kernel branch that includes the fix, or search the distribution's kernel changelog for CVE-2023-53595 or one of the commit IDs (for example rpm -q --changelog kernel | grep -i 2023-53595 on RPM-based systems). If you build from source, test each listed hash with git merge-base --is-ancestor <hash> HEAD; the hash belonging to your branch exits 0 once the fix is in your tree.
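The vulnerability check above and the workaround in the Temporary Workarounds section both come down to the same task: find the MACsec links whose parent NIC is driven by octeontx2-pf, and delete them before the reboot. The script below does that and is added here as an example; it is not code from the kernel or from this advisory. It assumes the driver registers under the name rvu_nicpf (override DRIVER if lsmod shows something else) and that `ip -o link show type macsec` prints each link as `N: macsecX@parent: ...`; the driver lookup is injectable so the parsing can be exercised offline on constructed input.

```shell
#!/bin/sh
# Added example (not kernel or advisory code): list the MACsec links whose
# parent NIC is bound to the octeontx2-pf driver, and optionally delete them
# before a reboot. Assumptions, verify on your host:
#   - the driver's module/driver name is "rvu_nicpf" (override with DRIVER=...)
#   - `ip -o link show type macsec` prints one "N: macsecX@parent: <...>" line per link

DRIVER="${DRIVER:-rvu_nicpf}"

# Read `ip -o link show type macsec` output on stdin, print "macsec parent" pairs.
parse_macsec_links() {
    awk '{
        name = $2                    # e.g. "macsec0@eth0:"
        sub(/:$/, "", name)
        if (split(name, p, "@") == 2) print p[1], p[2]
    }'
}

# Driver bound to a netdev (via sysfs); prints nothing for virtual devices.
netdev_driver() {
    drv=$(readlink -f "/sys/class/net/$1/device/driver" 2>/dev/null) || return 0
    basename "$drv"
}

# Keep only pairs whose parent is driven by $DRIVER. $1 names the lookup
# command (defaults to netdev_driver; injectable so it can be tested offline).
select_on_driver() {
    lookup="${1:-netdev_driver}"
    while read -r ms parent; do
        if [ "$("$lookup" "$parent")" = "$DRIVER" ]; then
            echo "$ms $parent"
        fi
    done
}

# Delete every affected link; with DRY_RUN=1 only report what would be deleted.
teardown_affected_macsec() {
    ip -o link show type macsec | parse_macsec_links | select_on_driver |
    while read -r ms parent; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would delete $ms (parent $parent, driver $DRIVER)"
        else
            ip link delete "$ms"
        fi
    done
}

case "${1:-}" in
    --list)     ip -o link show type macsec | parse_macsec_links | select_on_driver ;;
    --teardown) teardown_affected_macsec ;;
esac
```

Run it with --list to see which links are affected, with DRY_RUN=1 and --teardown to rehearse, and with --teardown as root immediately before the reboot. Wiring it into the init system's shutdown path is left to local conventions; the important property is that it runs before the reboot is issued, while the parent interface is still up.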
📡 Detection & Monitoring
Log Indicators:
- A NULL pointer dereference oops in dmesg or in the journal of the boot that failed to shut down cleanly (on arm64 the line reads "Unable to handle kernel NULL pointer dereference at virtual address ..."; on x86 it reads "BUG: kernel NULL pointer dereference")
- Call traces mentioning cn10k_mdo_del_secy or cn10k_mdo_stop
- System crashes during reboot with MACsec configured
Network Indicators:
- None - this is a local kernel crash
SIEM Query:
Search the previous boot's kernel log for oops or panic records that contain 'cn10k_mdo_' or 'rvu_nicpf' together with 'NULL pointer dereference', correlated with a shutdown event shortly before (for example a systemd-shutdown message). 'octeontx2-pf' and 'macsec' are useful secondary terms; avoid matching on the bare token 'mcs', which also appears in unrelated log text.
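As an added example, not code from the page or from the kernel project, the following scanner turns the log indicators above into something runnable: it walks kernel log text, tracks each NULL pointer dereference oops, and reports only those whose trace contains cn10k_mdo_del_secy or cn10k_mdo_stop, so an unrelated oops from the same boot is not flagged. Both the arm64 and the x86 oops wording are matched, and a trace that is cut off before its "end trace" marker (common when the log stops at the crash) is still reported. The sample log it is checked against is constructed; the [rvu_nicpf] module tag in it is assumed to be the module the driver loads as, and the matcher does not depend on that tag.

```shell
#!/bin/sh
# Added example (not kernel or advisory code): scan kernel log text for a NULL
# pointer dereference whose trace passes through the octeontx2-pf MACsec offload
# teardown callbacks named on this page. Matches both the arm64 wording
# ("Unable to handle kernel NULL pointer dereference at virtual address ...")
# and the x86 one ("BUG: kernel NULL pointer dereference, address: ...").
# Assumption: the "[rvu_nicpf]" module tag seen in sample traces is the module
# the driver loads as; the matcher does not rely on it.

scan_macsec_oops() {
    # stdin: kernel log lines; stdout: "<timestamp> <symbol>" per matching oops
    awk '
    function flush() {
        if (inbug && sym != "") print ts, sym
        inbug = 0; sym = ""
    }
    /NULL pointer dereference/ {
        flush()                       # a new oops starts: emit any pending hit
        inbug = 1
        ts = match($0, /^\[[^]]*\]/) ? substr($0, RSTART, RLENGTH) : "?"
        next
    }
    inbug && sym == "" && match($0, /cn10k_mdo_(del_secy|stop)/) {
        sym = substr($0, RSTART, RLENGTH)   # first indicator symbol in the trace
    }
    /---\[ end trace/ { flush() }
    END { flush() }                   # log cut off mid-trace (common at a crash)
    '
}

# Typical use after the machine comes back: scan the previous boot's kernel log.
case "${1:-}" in
    --previous-boot) journalctl -k -b -1 --no-pager | scan_macsec_oops ;;
esac
```

After the host has been brought back, `sh scan.sh --previous-boot` reads the previous boot's kernel messages from the journal; the same function can be fed a serial-console capture or a dmesg dump on stdin. Each reported line gives the oops timestamp and the indicator symbol, which is what a SIEM rule built from the terms above should key on.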