CVE-2023-53559

EPSS 0.02%
Veröffentlicht 04.10.2025 15:17:03
Zuletzt bearbeitet 21.03.2026 01:01:22
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ip_vti: fix potential slab-use-after-free in decode_session6

In the Linux kernel, the following vulnerability has been resolved:

ip_vti: fix potential slab-use-after-free in decode_session6

When ip_vti device is set to the qdisc of the sfb type, the cb field
of the sent skb may be modified during enqueuing. Then,
slab-use-after-free may occur when ip_vti device sends IPv6 packets.
As commit f855691975bb ("xfrm6: Fix the nexthdr offset in
_decode_session6.") showed, xfrm_decode_session was originally intended
only for the receive path. IP6CB(skb)->nhoff is not set during
transmission. Therefore, set the cb field in the skb to 0 before
sending packets.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

NVD 15 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.19.1 < 4.14.324

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.293

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.255

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.192

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.128

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.47

Linux ≫ Linux Kernel Version >= 6.2 < 6.4.12

Linux ≫ Linux Kernel Version3.19 Update-

Linux ≫ Linux Kernel Version3.19 Updaterc7

Linux ≫ Linux Kernel Version6.5 Updaterc1

Linux ≫ Linux Kernel Version6.5 Updaterc2

Linux ≫ Linux Kernel Version6.5 Updaterc3

Linux ≫ Linux Kernel Version6.5 Updaterc4

Linux ≫ Linux Kernel Version6.5 Updaterc5

Linux ≫ Linux Kernel Version6.5 Updaterc6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.044

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/82fb41c5de243e7dfa90f32ca58e35adaff56c1d

Patch

https://git.kernel.org/stable/c/7dfe23659f3677c08a60a0056cda2d91a79c15ca

Patch

https://git.kernel.org/stable/c/d34c30442d5e53a33cde79ca163320dbe2432cbd

Patch

https://git.kernel.org/stable/c/0b4d69539fdea138af2befe08893850c89248068

Patch

https://git.kernel.org/stable/c/e1e04cc2ef2c0c0866c19f5627149a76c2baae32

Patch

https://git.kernel.org/stable/c/2b05bf5dc437f7891dd409a3eaf5058459391c7a

Patch