-

CVE-2023-53559

EPSS 0.02%
Veröffentlicht 04.10.2025 15:17:03
Zuletzt bearbeitet 06.10.2025 14:56:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ip_vti: fix potential slab-use-after-free in decode_session6

When ip_vti device is set to the qdisc of the sfb type, the cb field
of the sent skb may be modified during enqueuing. Then,
slab-use-after-free may occur when ip_vti device sends IPv6 packets.
As commit f855691975bb ("xfrm6: Fix the nexthdr offset in
_decode_session6.") showed, xfrm_decode_session was originally intended
only for the receive path. IP6CB(skb)->nhoff is not set during
transmission. Therefore, set the cb field in the skb to 0 before
sending packets.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 82fb41c5de243e7dfa90f32ca58e35adaff56c1d

Version f855691975bb06373a98711e4cfe2c224244b536

Status affected

Version < 7dfe23659f3677c08a60a0056cda2d91a79c15ca

Version f855691975bb06373a98711e4cfe2c224244b536

Status affected

Version < d34c30442d5e53a33cde79ca163320dbe2432cbd

Version f855691975bb06373a98711e4cfe2c224244b536

Status affected

Version < 0b4d69539fdea138af2befe08893850c89248068

Version f855691975bb06373a98711e4cfe2c224244b536

Status affected

Version < e1e04cc2ef2c0c0866c19f5627149a76c2baae32

Version f855691975bb06373a98711e4cfe2c224244b536

Status affected

Version < 2b05bf5dc437f7891dd409a3eaf5058459391c7a

Version f855691975bb06373a98711e4cfe2c224244b536

Status affected

Version < 78e397a43e1c47321a4679cc49a6c4530bf820b9

Version f855691975bb06373a98711e4cfe2c224244b536

Status affected

Version < 6018a266279b1a75143c7c0804dd08a5fc4c3e0b

Version f855691975bb06373a98711e4cfe2c224244b536

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.19

Status affected

Version < 3.19

Version 0

Status unaffected

Version <= 4.14.*

Version 4.14.324

Status unaffected

Version <= 4.19.*

Version 4.19.293

Status unaffected

Version <= 5.4.*

Version 5.4.255

Status unaffected

Version <= 5.10.*

Version 5.10.192

Status unaffected

Version <= 5.15.*

Version 5.15.128

Status unaffected

Version <= 6.1.*

Version 6.1.47

Status unaffected

Version <= 6.4.*

Version 6.4.12

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/82fb41c5de243e7dfa90f32ca58e35adaff56c1d

https://git.kernel.org/stable/c/7dfe23659f3677c08a60a0056cda2d91a79c15ca

https://git.kernel.org/stable/c/d34c30442d5e53a33cde79ca163320dbe2432cbd

https://git.kernel.org/stable/c/0b4d69539fdea138af2befe08893850c89248068

https://git.kernel.org/stable/c/e1e04cc2ef2c0c0866c19f5627149a76c2baae32

https://git.kernel.org/stable/c/2b05bf5dc437f7891dd409a3eaf5058459391c7a

https://git.kernel.org/stable/c/78e397a43e1c47321a4679cc49a6c4530bf820b9

https://git.kernel.org/stable/c/6018a266279b1a75143c7c0804dd08a5fc4c3e0b

https://nvd.nist.gov/vuln/detail/CVE-2023-53559

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53559

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53559

EUVD