CVE-2023-53591: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53591 was discovered in the Linux kernel, specifically affecting the net/mlx5e component. The vulnerability was disclosed on October 4, 2025, and involves a deadlock issue in the tc route query code. The vulnerability affects various versions of Red Hat Enterprise Linux 8 and 9, including both standard and RT kernel variants (Red Hat).

The vulnerability stems from an ABBA deadlock that occurs when peer flows are created while holding the devcom rw semaphore. Due to the peer flows offload implementation, the lock is taken higher up in the call chain, making it difficult to directly fix the deadlock. The issue specifically manifests in the tc route query code when accessing the peer eswitch structure for xarray lookup operations. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat).

The vulnerability can lead to a deadlock condition in the Linux kernel's networking stack, specifically affecting the MLX5 driver's traffic control (tc) route query functionality. This could potentially result in system instability and service disruption for affected systems (NVD).

The issue has been resolved through code refactoring that implements lockless execution. The fix includes: RCUifying the devcom 'data' pointer, wrapping all usages of 'paired' boolean in {READ|WRITE}_ONCE(), and refactoring the mlx5e_tc_query_route_vport() function to use the new mlx5_devcom_get_peer_data_rcu() API (NVD).