CVE-2023-53312
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53312
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53312.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53312
- Downstream
- Related
- Published
- 2025-09-16T16:11:49Z
- Modified
- 2025-10-16T16:29:36.154231Z
- Summary
- net: fix net_dev_start_xmit trace event vs skb_transport_offset()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: fix netdevstartxmit trace event vs skbtransport_offset()
After blamed commit, we must be more careful about using skbtransportoffset(), as reminded us by syzbot:
WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 skbtransportoffset include/linux/skbuff.h:2977 [inline] WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 perftracenetdevstartxmit+0x89a/0xce0 include/trace/events/net.h:14 Modules linked in: CPU: 0 PID: 10 Comm: kworker/u4:1 Not tainted 6.1.30-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Workqueue: batevents batadvivsendoutstandingbatogmpacket RIP: 0010:skbtransportheader include/linux/skbuff.h:2868 [inline] RIP: 0010:skbtransportoffset include/linux/skbuff.h:2977 [inline] RIP: 0010:perftracenetdevstartxmit+0x89a/0xce0 include/trace/events/net.h:14 Code: 8b 04 25 28 00 00 00 48 3b 84 24 c0 00 00 00 0f 85 4e 04 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc e8 56 22 01 fd <0f> 0b e9 f6 fc ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 86 f9 ff RSP: 0018:ffffc900002bf700 EFLAGS: 00010293 RAX: ffffffff8485d8ca RBX: 000000000000ffff RCX: ffff888100914280 RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff RBP: ffffc900002bf818 R08: ffffffff8485d5b6 R09: fffffbfff0f8fb5e R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110217d8f67 R13: ffff88810bec7b3a R14: dffffc0000000000 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f96cf6d52f0 CR3: 000000012224c000 CR4: 0000000000350ef0 Call Trace: <TASK> [<ffffffff84715e35>] tracenetdevstartxmit include/trace/events/net.h:14 [inline] [<ffffffff84715e35>] xmitone net/core/dev.c:3643 [inline] [<ffffffff84715e35>] devhardstartxmit+0x705/0x980 net/core/dev.c:3660 [<ffffffff8471a232>] _devqueuexmit+0x16b2/0x3370 net/core/dev.c:4324 [<ffffffff85416493>] devqueuexmit include/linux/netdevice.h:3030 [inline] [<ffffffff85416493>] batadvsendskbpacket+0x3f3/0x680 net/batman-adv/send.c:108 [<ffffffff85416744>] batadvsendbroadcastskb+0x24/0x30 net/batman-adv/send.c:127 [<ffffffff853bc52a>] batadvivogmsendtoif net/batman-adv/bativogm.c:393 [inline] [<ffffffff853bc52a>] batadvivogmemit net/batman-adv/bativogm.c:421 [inline] [<ffffffff853bc52a>] batadvivsendoutstandingbatogmpacket+0x69a/0x840 net/batman-adv/bativogm.c:1701 [<ffffffff8151023c>] processonework+0x8ac/0x1170 kernel/workqueue.c:2289 [<ffffffff81511938>] worker_thread+0xaa8/0x12d0 kernel/workqueue.c:2436
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced66e4c8d950083df8e12981babca788e1635c92b6Fixedced61418f46993d571385812bafed3a7d4ab6918
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced66e4c8d950083df8e12981babca788e1635c92b6Fixed58f9e88eb247263c74383b4ee8858abac15cdbe0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced66e4c8d950083df8e12981babca788e1635c92b6Fixedf88fcb1d7d961b4b402d675109726f94db87571c