CVE-2023-53136

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-53136

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53136.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-53136

Downstream

BELL-CVE-2023-53136

DEBIAN-CVE-2023-53136

UBUNTU-CVE-2023-53136

Published

2025-05-02T15:56:08.940Z

Modified

2025-11-30T03:47:34.576243Z

Summary

af_unix: fix struct pid leaks in OOB support

Details

In the Linux kernel, the following vulnerability has been resolved:

af_unix: fix struct pid leaks in OOB support

syzbot reported struct pid leak [1].

Issue is that queueoob() calls maybeadd_creds() which potentially holds a reference on a pid.

But skb->destructor is not set (either directly or by calling unixscmto_skb())

This means that subsequent kfreeskb() or consumeskb() would leak this reference.

In this fix, I chose to fully support scm even for the OOB message.

[1] BUG: memory leak unreferenced object 0xffff8881053e7f80 (size 128): comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff812ae26a>] allocpid+0x6a/0x560 kernel/pid.c:180 [<ffffffff812718df>] copyprocess+0x169f/0x26c0 kernel/fork.c:2285 [<ffffffff81272b37>] kernelclone+0xf7/0x610 kernel/fork.c:2684 [<ffffffff812730cc>] _dosysclone+0x7c/0xb0 kernel/fork.c:2825 [<ffffffff849ad699>] dosyscallx64 arch/x86/entry/common.c:50 [inline] [<ffffffff849ad699>] dosyscall64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84a0008b>] entrySYSCALL64afterhwframe+0x63/0xcd

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53136.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

314001f0bf927015e459c9d387d62a231fe93af3

Fixed

f3969427fb06a2c3cd6efd7faab63505cfa76e76

Fixed

ac1968ac399205fda9ee3b18f7de7416cb3a5d0d

Fixed

a59d6306263c38e5c0592ea4451ca26a0778c947

Fixed

2aab4b96900272885bc157f8b236abf1cdc02e08

Affected versions

v5.*

v5.14

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.100

v5.15.101

v5.15.102

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.71

v5.15.72

v5.15.73

v5.15.74

v5.15.75

v5.15.76

v5.15.77

v5.15.78

v5.15.79

v5.15.8

v5.15.80

v5.15.81

v5.15.82

v5.15.83

v5.15.84

v5.15.85

v5.15.86

v5.15.87

v5.15.88

v5.15.89

v5.15.9

v5.15.90

v5.15.91

v5.15.92

v5.15.93

v5.15.94

v5.15.95

v5.15.96

v5.15.97

v5.15.98

v5.15.99

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.1.9

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.2.1

v6.2.2

v6.2.3

v6.2.4

v6.2.5

v6.2.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53136.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.0

Fixed

5.15.103

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.20

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.2.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53136.json"