CVE-2023-53995
- EPSS 0.04%
- Published 24.12.2025 10:55:32
- Last modified 29.12.2025 15:58:56
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

net: ipv4: fix one memleak in __inet_del_ifa()

I got the below warning when doing a fuzzing test:

    unregister_netdevice: waiting for bond0 to become free. Usage count = 2

It can be reproduced via:

    ip link add bond0 type bond
    sysctl -w net.ipv4.conf.bond0.promote_secondaries=1
    ip addr add 4.117.174.103/0 scope 0x40 dev bond0
    ip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0
    ip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0
    ip addr del 4.117.174.103/0 scope 0x40 dev bond0
    ip link delete bond0 type bond

In this reproduction test case, an incorrect 'last_prim' is found in __inet_del_ifa(); as a result, the secondary address (0.0.0.4/0 scope 0x40) is lost. The memory of the secondary address is leaked and the reference of in_device and net_device is leaked.

Fix this problem: Look for 'last_prim' starting at location of the deleted IP and inserting the promoted IP into the location of 'last_prim'.
Linked by AI from unstructured data to existing CPEs in the NVD.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected

| Version | Bound | Status |
|---|---|---|
| 0ff60a45678e67b2547256a636fd00c1667ce4fa | < 5624f26a3574500ce23929cb2c9976a0dec9920a | affected |
| 0ff60a45678e67b2547256a636fd00c1667ce4fa | < 7c8ddcdab1b900bed69cad6beef477fff116289e | affected |
| 0ff60a45678e67b2547256a636fd00c1667ce4fa | < 2f1e86014d0cc084886c36a2d77bc620e2d42618 | affected |
| 0ff60a45678e67b2547256a636fd00c1667ce4fa | < 980f8445479814509a3cd55a8eabaae1c9030a4c | affected |
| 0ff60a45678e67b2547256a636fd00c1667ce4fa | < 42652af5360d30b43b06057c193739e7dfb18f42 | affected |
| 0ff60a45678e67b2547256a636fd00c1667ce4fa | < ac28b1ec6135649b5d78b028e47264cb3ebca5ea | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version | Bound | Status |
|---|---|---|
| 2.6.15 | | affected |
| 0 | < 2.6.15 | unaffected |
| 5.4.257 | <= 5.4.* | unaffected |
| 5.10.195 | <= 5.10.* | unaffected |
| 5.15.132 | <= 5.15.* | unaffected |
| 6.1.54 | <= 6.1.* | unaffected |
| 6.5.4 | <= 6.5.* | unaffected |
| 6.6 | <= * | unaffected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.1 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|