-

CVE-2023-53189

EPSS 0.03%
Veröffentlicht 15.09.2025 14:05:26
Zuletzt bearbeitet 15.09.2025 15:22:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ipv6/addrconf: fix a potential refcount underflow for idev

Now in addrconf_mod_rs_timer(), reference idev depends on whether
rs_timer is not pending. Then modify rs_timer timeout.

There is a time gap in [1], during which if the pending rs_timer
becomes not pending. It will miss to hold idev, but the rs_timer
is activated. Thus rs_timer callback function addrconf_rs_timer()
will be executed and put idev later without holding idev. A refcount
underflow issue for idev can be caused by this.

	if (!timer_pending(&idev->rs_timer))
		in6_dev_hold(idev);
		  <--------------[1]
	mod_timer(&idev->rs_timer, jiffies + when);

To fix the issue, hold idev if mod_timer() return 0.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c6395e32935d35e6f935e7caf1c2dac5a95943b4

Version b7b1bfce0bb68bd8f6e62a28295922785cc63781

Status affected

Version < df62fdcd004afa72ecbed0e862ebb983acd3aa57

Version b7b1bfce0bb68bd8f6e62a28295922785cc63781

Status affected

Version < c7eeba47058532f6077d6a658e38b6698f6ae71a

Version b7b1bfce0bb68bd8f6e62a28295922785cc63781

Status affected

Version < 2ad31ce40e8182860b631e37209e93e543790b7c

Version b7b1bfce0bb68bd8f6e62a28295922785cc63781

Status affected

Version < 82abd1c37d3bf2a2658b34772c17a25a6f9cca42

Version b7b1bfce0bb68bd8f6e62a28295922785cc63781

Status affected

Version < 436b7cc7eae7851c184b671ed7a4a64c750b86f7

Version b7b1bfce0bb68bd8f6e62a28295922785cc63781

Status affected

Version < 1f656e483eb4733d62f18dfb206a49b78f60f495

Version b7b1bfce0bb68bd8f6e62a28295922785cc63781

Status affected

Version < 06a0716949c22e2aefb648526580671197151acc

Version b7b1bfce0bb68bd8f6e62a28295922785cc63781

Status affected

Version 973d5956f754cfc306f5e274d71503498f4b0324

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.11

Status affected

Version < 3.11

Version 0

Status unaffected

Version <= 4.14.*

Version 4.14.322

Status unaffected

Version <= 4.19.*

Version 4.19.291

Status unaffected

Version <= 5.4.*

Version 5.4.251

Status unaffected

Version <= 5.10.*

Version 5.10.188

Status unaffected

Version <= 5.15.*

Version 5.15.121

Status unaffected

Version <= 6.1.*

Version 6.1.40

Status unaffected

Version <= 6.4.*

Version 6.4.5

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/c6395e32935d35e6f935e7caf1c2dac5a95943b4

https://git.kernel.org/stable/c/df62fdcd004afa72ecbed0e862ebb983acd3aa57

https://git.kernel.org/stable/c/c7eeba47058532f6077d6a658e38b6698f6ae71a

https://git.kernel.org/stable/c/2ad31ce40e8182860b631e37209e93e543790b7c

https://git.kernel.org/stable/c/82abd1c37d3bf2a2658b34772c17a25a6f9cca42

https://git.kernel.org/stable/c/436b7cc7eae7851c184b671ed7a4a64c750b86f7

https://git.kernel.org/stable/c/1f656e483eb4733d62f18dfb206a49b78f60f495

https://git.kernel.org/stable/c/06a0716949c22e2aefb648526580671197151acc

https://nvd.nist.gov/vuln/detail/CVE-2023-53189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53189

EUVD