← Back

CVE-2023-53559

nvd nist
Published: Oct 4, 2025Modified: Jun 17, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ip_vti device sends IPv6 packets. As commit f855691975bb ("xfrm6: Fix the nexthdr offset in _decode_session6.") showed, xfrm_decode_session was originally intended only for the receive path. IP6CB(skb)->nhoff is not set during transmission. Therefore, set the cb field in the skb to 0 before sending packets.

Affected (15)

Products: Linux: Linux Kernel
1 product
Linux Kernel
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Linux
From 3.19.1 to 4.14.324
From 4.15 to 4.19.293
From 4.20 to 5.4.255
From 5.11 to 5.15.128
From 5.16 to 6.1.47
From 5.5 to 5.10.192
From 6.2 to 6.4.12
Version 3.19
Version 3.19 rc7
Version 6.5 rc1
Version 6.5 rc2
Version 6.5 rc3
Version 6.5 rc4
Version 6.5 rc5
Version 6.5 rc6

References (8)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch

Timeline

No history available yet.