CVE-2023-53347: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's net/mlx5 module has been identified and assigned CVE-2023-53347. The issue relates to the handling of E-switch pairing via uplink un/load APIs, specifically when switching devices between switchdev and legacy modes. This vulnerability was published on September 17, 2025, and affects the Linux kernel's networking stack (NVD).

The vulnerability occurs during device mode switching operations. When a user switches a device from switchdev mode to legacy mode, the mlx5 driver first unpairs the E-switch and then unloads the uplink vport. However, during device removal or reload, the sequence is reversed - the uplink vport is unloaded before unpairing the E-switch. This incorrect sequence causes issues particularly when VFLAG is in use, where tc fdb flows are duplicated to the peer esw. The bug manifests when the peer device is removed first, causing the peer net-dev to be destroyed and mlx5epriv to be zeroed, leading to kernel panics when attempting to access the invalidated memory (NVD).

The vulnerability can result in kernel panics and system instability. When triggered, it causes page faults and supervisor read access errors in kernel mode, leading to system crashes. This particularly affects systems using the mlx5 driver with VF_LAG configurations (NVD).

Red Hat has acknowledged the vulnerability and is currently investigating it. As of the current date, no official mitigation strategies have been published (Red Hat Portal).