CVE-2023-53136
- Source
- https://cve.org/CVERecord?id=CVE-2023-53136
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53136.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53136
- Downstream
- Published
- 2025-05-02T15:56:08.940Z
- Modified
- 2026-02-20T08:39:46.991107Z
- Summary
- af_unix: fix struct pid leaks in OOB support
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
af_unix: fix struct pid leaks in OOB support
syzbot reported struct pid leak [1].
Issue is that queueoob() calls maybeadd_creds() which potentially holds a reference on a pid.
But skb->destructor is not set (either directly or by calling unixscmto_skb())
This means that subsequent kfreeskb() or consumeskb() would leak this reference.
In this fix, I chose to fully support scm even for the OOB message.
[1] BUG: memory leak unreferenced object 0xffff8881053e7f80 (size 128): comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff812ae26a>] allocpid+0x6a/0x560 kernel/pid.c:180 [<ffffffff812718df>] copyprocess+0x169f/0x26c0 kernel/fork.c:2285 [<ffffffff81272b37>] kernelclone+0xf7/0x610 kernel/fork.c:2684 [<ffffffff812730cc>] _dosysclone+0x7c/0xb0 kernel/fork.c:2825 [<ffffffff849ad699>] dosyscallx64 arch/x86/entry/common.c:50 [inline] [<ffffffff849ad699>] dosyscall64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84a0008b>] entrySYSCALL64afterhwframe+0x63/0xcd
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53136.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2aab4b96900272885bc157f8b236abf1cdc02e08
- https://git.kernel.org/stable/c/a59d6306263c38e5c0592ea4451ca26a0778c947
- https://git.kernel.org/stable/c/ac1968ac399205fda9ee3b18f7de7416cb3a5d0d
- https://git.kernel.org/stable/c/f3969427fb06a2c3cd6efd7faab63505cfa76e76
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53136.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53136
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced314001f0bf927015e459c9d387d62a231fe93af3Fixedf3969427fb06a2c3cd6efd7faab63505cfa76e76Fixedac1968ac399205fda9ee3b18f7de7416cb3a5d0dFixeda59d6306263c38e5c0592ea4451ca26a0778c947Fixed2aab4b96900272885bc157f8b236abf1cdc02e08
Affected versions
v5.*
v5.14
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.100
v5.15.101
v5.15.102
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53136.json"
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ac1968ac399205fda9ee3b18f7de7416cb3a5d0d",
"deprecated": false,
"id": "CVE-2023-53136-091acd77",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/unix/af_unix.c",
"function": "queue_oob"
},
"digest": {
"length": 843.0,
"function_hash": "195224884817885892865789093256100923801"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f3969427fb06a2c3cd6efd7faab63505cfa76e76",
"deprecated": false,
"id": "CVE-2023-53136-1ca2d206",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/unix/af_unix.c",
"function": "queue_oob"
},
"digest": {
"length": 843.0,
"function_hash": "195224884817885892865789093256100923801"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2aab4b96900272885bc157f8b236abf1cdc02e08",
"deprecated": false,
"id": "CVE-2023-53136-46f55168",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/unix/af_unix.c",
"function": "queue_oob"
},
"digest": {
"length": 843.0,
"function_hash": "195224884817885892865789093256100923801"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f3969427fb06a2c3cd6efd7faab63505cfa76e76",
"deprecated": false,
"id": "CVE-2023-53136-4f9754f5",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "net/unix/af_unix.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"81348050270006932021977937519945086823",
"217693913963504953218974230713285796727",
"226896636254906371634141726258206316218",
"61409076765612131048487929524383789141",
"17641746177260824185579246679213660995",
"107139432707521396305185279128126532125",
"38691333907698314596488639353712032603",
"178119828524547653945100818903874236696",
"41794879452778902079596930980288005476",
"35712327960724921428771617726824635671",
"237601838780133328348111879118705067271"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a59d6306263c38e5c0592ea4451ca26a0778c947",
"deprecated": false,
"id": "CVE-2023-53136-524e5b3b",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "net/unix/af_unix.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"81348050270006932021977937519945086823",
"217693913963504953218974230713285796727",
"226896636254906371634141726258206316218",
"61409076765612131048487929524383789141",
"17641746177260824185579246679213660995",
"107139432707521396305185279128126532125",
"38691333907698314596488639353712032603",
"178119828524547653945100818903874236696",
"41794879452778902079596930980288005476",
"35712327960724921428771617726824635671",
"237601838780133328348111879118705067271"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ac1968ac399205fda9ee3b18f7de7416cb3a5d0d",
"deprecated": false,
"id": "CVE-2023-53136-687c3de8",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "net/unix/af_unix.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"81348050270006932021977937519945086823",
"217693913963504953218974230713285796727",
"226896636254906371634141726258206316218",
"61409076765612131048487929524383789141",
"17641746177260824185579246679213660995",
"107139432707521396305185279128126532125",
"38691333907698314596488639353712032603",
"178119828524547653945100818903874236696",
"41794879452778902079596930980288005476",
"35712327960724921428771617726824635671",
"237601838780133328348111879118705067271"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a59d6306263c38e5c0592ea4451ca26a0778c947",
"deprecated": false,
"id": "CVE-2023-53136-8e9ef179",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_stream_sendmsg"
},
"digest": {
"length": 2142.0,
"function_hash": "202689327568358058759480450938336573962"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a59d6306263c38e5c0592ea4451ca26a0778c947",
"deprecated": false,
"id": "CVE-2023-53136-a3087c3f",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/unix/af_unix.c",
"function": "queue_oob"
},
"digest": {
"length": 843.0,
"function_hash": "195224884817885892865789093256100923801"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f3969427fb06a2c3cd6efd7faab63505cfa76e76",
"deprecated": false,
"id": "CVE-2023-53136-bbfb7998",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_stream_sendmsg"
},
"digest": {
"length": 2142.0,
"function_hash": "202689327568358058759480450938336573962"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2aab4b96900272885bc157f8b236abf1cdc02e08",
"deprecated": false,
"id": "CVE-2023-53136-c4ece719",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_stream_sendmsg"
},
"digest": {
"length": 2142.0,
"function_hash": "202689327568358058759480450938336573962"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ac1968ac399205fda9ee3b18f7de7416cb3a5d0d",
"deprecated": false,
"id": "CVE-2023-53136-d2003486",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_stream_sendmsg"
},
"digest": {
"length": 2142.0,
"function_hash": "202689327568358058759480450938336573962"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2aab4b96900272885bc157f8b236abf1cdc02e08",
"deprecated": false,
"id": "CVE-2023-53136-fd7796a0",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "net/unix/af_unix.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"81348050270006932021977937519945086823",
"217693913963504953218974230713285796727",
"226896636254906371634141726258206316218",
"61409076765612131048487929524383789141",
"17641746177260824185579246679213660995",
"107139432707521396305185279128126532125",
"38691333907698314596488639353712032603",
"178119828524547653945100818903874236696",
"41794879452778902079596930980288005476",
"35712327960724921428771617726824635671",
"237601838780133328348111879118705067271"
]
}
}
]
Git / github.com/gregkh/linux
Affected versions
v5.*
v5.15
v5.15.1
v5.15.10
v5.15.100
v5.15.101
v5.15.102
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6