CVE-2023-53338
- Source
- https://cve.org/CVERecord?id=CVE-2023-53338
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53338.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53338
- Downstream
- Related
- Published
- 2025-09-17T14:56:32.302Z
- Modified
- 2026-03-20T12:33:05.896348Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- lwt: Fix return values of BPF xmit ops
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
lwt: Fix return values of BPF xmit ops
BPF encap ops can return different types of positive values, such like NETRXDROP, NETXMITCN, NETDEVTXBUSY, and so on, from function skbdoredirect and bpflwtxmitreroute. At the xmit hook, such return values would be treated implicitly as LWTUNNELXMIT_CONTINUE in ip(6)finishoutput2. When this happens, skbs that have been freed would continue to the neighbor subsystem, causing use-after-free bug and kernel crashes.
To fix the incorrect behavior, skbdoredirect return values can be simply discarded, the same as tc-egress behavior. On the other hand, bpflwtxmitreroute returns useful errors to local senders, e.g. PMTU information. Thus convert its return values to avoid the conflict with LWTUNNELXMIT_CONTINUE.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53338.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/065d5f17096ec9161180e2c890afdff4dc6125f2
- https://git.kernel.org/stable/c/29b22badb7a84b783e3a4fffca16f7768fb31205
- https://git.kernel.org/stable/c/65583f9e070db7bece20710cfa2e3daeb0b831d9
- https://git.kernel.org/stable/c/67f8f2bae8e7ac72e09def2b667e44704c4d1ee1
- https://git.kernel.org/stable/c/a97f221651fcdc891166e9bc270e3d9bfa5a0080
- https://git.kernel.org/stable/c/d68c17402442f5f494a2c3ebde5cb82f6aa9160a
- https://git.kernel.org/stable/c/e3f647e4b642f9f6d32795a16f92c116c138d2af
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53338.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53338
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2Fixed67f8f2bae8e7ac72e09def2b667e44704c4d1ee1Fixeda97f221651fcdc891166e9bc270e3d9bfa5a0080Fixede3f647e4b642f9f6d32795a16f92c116c138d2afFixed065d5f17096ec9161180e2c890afdff4dc6125f2Fixedd68c17402442f5f494a2c3ebde5cb82f6aa9160aFixed65583f9e070db7bece20710cfa2e3daeb0b831d9Fixed29b22badb7a84b783e3a4fffca16f7768fb31205