CVE-2023-53462

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53462
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53462.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53462
Downstream
Related
Published
2025-10-01T11:42:33.434Z
Modified
2026-03-20T12:33:10.596549Z
Summary
hsr: Fix uninit-value access in fill_frame_info()
Details

In the Linux kernel, the following vulnerability has been resolved:

hsr: Fix uninit-value access in fillframeinfo()

Syzbot reports the following uninit-value access problem.

===================================================== BUG: KMSAN: uninit-value in fillframeinfo net/hsr/hsrforward.c:601 [inline] BUG: KMSAN: uninit-value in hsrforwardskb+0x9bd/0x30f0 net/hsr/hsrforward.c:616 fillframeinfo net/hsr/hsrforward.c:601 [inline] hsrforwardskb+0x9bd/0x30f0 net/hsr/hsrforward.c:616 hsrdevxmit+0x192/0x330 net/hsr/hsr_device.c:223 __netdevstartxmit include/linux/netdevice.h:4889 [inline] netdevstartxmit include/linux/netdevice.h:4903 [inline] xmitone net/core/dev.c:3544 [inline] devhardstartxmit+0x247/0xa10 net/core/dev.c:3560 __devqueuexmit+0x34d0/0x52a0 net/core/dev.c:4340 dev_queuexmit include/linux/netdevice.h:3082 [inline] packetxmit+0x9c/0x6b0 net/packet/afpacket.c:276 packetsnd net/packet/afpacket.c:3087 [inline] packetsendmsg+0x8b1d/0x9f30 net/packet/afpacket.c:3119 socksendmsgnosec net/socket.c:730 [inline] socksendmsg net/socket.c:753 [inline] __sys_sendto+0x781/0xa30 net/socket.c:2176 __dosyssendto net/socket.c:2188 [inline] __sesyssendto net/socket.c:2184 [inline] __ia32syssendto+0x11f/0x1c0 net/socket.c:2184 dosyscall32irqson arch/x86/entry/common.c:112 [inline] __dofastsyscall32+0xa2/0x100 arch/x86/entry/common.c:178 dofastsyscall32+0x37/0x80 arch/x86/entry/common.c:203 doSYSENTER32+0x1f/0x30 arch/x86/entry/common.c:246 entrySYSENTERcompatafterhwframe+0x70/0x82

Uninit was created at: slabpostallochook+0x12f/0xb70 mm/slab.h:767 slaballocnode mm/slub.c:3478 [inline] kmemcacheallocnode+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x148/0x470 net/core/skbuff.c:559 __allocskb+0x318/0x740 net/core/skbuff.c:644 allocskb include/linux/skbuff.h:1286 [inline] allocskbwithfrags+0xc8/0xbd0 net/core/skbuff.c:6299 sockallocsendpskb+0xa80/0xbf0 net/core/sock.c:2794 packetallocskb net/packet/afpacket.c:2936 [inline] packetsnd net/packet/afpacket.c:3030 [inline] packetsendmsg+0x70e8/0x9f30 net/packet/afpacket.c:3119 socksendmsgnosec net/socket.c:730 [inline] socksendmsg net/socket.c:753 [inline] __sys_sendto+0x781/0xa30 net/socket.c:2176 __dosyssendto net/socket.c:2188 [inline] __sesyssendto net/socket.c:2184 [inline] __ia32syssendto+0x11f/0x1c0 net/socket.c:2184 dosyscall32irqson arch/x86/entry/common.c:112 [inline] __dofastsyscall32+0xa2/0x100 arch/x86/entry/common.c:178 dofastsyscall32+0x37/0x80 arch/x86/entry/common.c:203 doSYSENTER32+0x1f/0x30 arch/x86/entry/common.c:246 entrySYSENTERcompatafterhwframe+0x70/0x82

It is because VLAN not yet supported in hsr driver. Return error when protocol is ETHP8021Q in fillframeinfo() now to fix it.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53462.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
451d8123f89791bb628277c0bdb4cae34a3563e6
Fixed
1e90a93ac4845c31724ec5dc96fb51e608435a9d
Fixed
6a4480c5e6ebaf9f797ac300e2a97a02d4e70cfd
Fixed
61866f7d814e5792bf47410d7d3ff32e49bd292a
Fixed
ed7a0ba7e840dc5d54cdbd8466be27e6aedce1e5
Fixed
484b4833c604c0adcf19eac1ca14b60b757355b5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53462.json"