CVE-2023-53669
- Source
- https://cve.org/CVERecord?id=CVE-2023-53669
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53669.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53669
- Downstream
- Published
- 2025-10-07T15:21:26.896Z
- Modified
- 2026-02-20T01:35:39.010131Z
- Summary
- tcp: fix skb_copy_ubufs() vs BIG TCP
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix skbcopyubufs() vs BIG TCP
David Ahern reported crashes in skbcopyubufs() caused by TCP tx zerocopy using hugepages, and skb length bigger than ~68 KB.
skbcopyubufs() assumed it could copy all payload using up to MAXSKBFRAGS order-0 pages.
This assumption broke when BIG TCP was able to put up to 512 KB per skb.
We did not hit this bug at Google because we use CONFIGMAXSKBFRAGS=45 and limit gsomax_size to 180000.
A solution is to use higher order pages if needed.
v2: add missing _GFPCOMP, or we leak memory.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53669.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3c77a377877acbaf03cd7caa21d3644a5dd16301
- https://git.kernel.org/stable/c/7e692df3933628d974acb9f5b334d2b3e885e2a6
- https://git.kernel.org/stable/c/7fa93e39fbb0566019c388a8038a4d58552e0910
- https://git.kernel.org/stable/c/9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53669.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53669
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7c4e983c4f3cf94fcd879730c6caa877e0768a4dFixed7fa93e39fbb0566019c388a8038a4d58552e0910Fixed3c77a377877acbaf03cd7caa21d3644a5dd16301Fixed9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328fFixed7e692df3933628d974acb9f5b334d2b3e885e2a6
Affected versions
v5.*
v5.18
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.2.15
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.3.1
v6.3.2
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53669.json"
vanir_signatures
[
{
"id": "CVE-2023-53669-31196179",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c77a377877acbaf03cd7caa21d3644a5dd16301",
"target": {
"file": "net/core/skbuff.c",
"function": "skb_copy_ubufs"
},
"digest": {
"function_hash": "160821595308932000136377619005920771967",
"length": 1485.0
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-53669-50b220af",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7e692df3933628d974acb9f5b334d2b3e885e2a6",
"target": {
"file": "net/core/skbuff.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"212863037043241447406424531664537109660",
"82856290350469859909047112811556844420",
"63434132142558404040887810062161415785",
"23371513992787319075742126083056681608",
"158266567521090766864140688667085630000",
"130558224653123646532907095556819997890",
"244892849380947186815275651196537218351",
"116377177145349667410804123047227633560",
"152689100226306714642124699369026063169",
"172933185346338568940675009722576663272",
"182453893714395486841402946415369740743",
"282085652586051697445427912239901573509",
"10177934885968249366693128284980068193",
"15600685704263383122972168692923631228",
"331709107873538412786822428595802093626",
"2801581793982394866129699099022395116",
"118596578560214821596537190928447478059",
"110758045214931665585886621880976166510",
"315046804131780643427817201950293831620",
"69003327806365117893764905865206933362",
"276484963004888179426856440409815840890",
"254390847891516376426673425278122936254"
]
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2023-53669-77f5f879",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fa93e39fbb0566019c388a8038a4d58552e0910",
"target": {
"file": "net/core/skbuff.c",
"function": "skb_copy_ubufs"
},
"digest": {
"function_hash": "160821595308932000136377619005920771967",
"length": 1485.0
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-53669-79b144e4",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f",
"target": {
"file": "net/core/skbuff.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"212863037043241447406424531664537109660",
"82856290350469859909047112811556844420",
"63434132142558404040887810062161415785",
"23371513992787319075742126083056681608",
"158266567521090766864140688667085630000",
"130558224653123646532907095556819997890",
"244892849380947186815275651196537218351",
"116377177145349667410804123047227633560",
"152689100226306714642124699369026063169",
"172933185346338568940675009722576663272",
"182453893714395486841402946415369740743",
"282085652586051697445427912239901573509",
"10177934885968249366693128284980068193",
"15600685704263383122972168692923631228",
"331709107873538412786822428595802093626",
"2801581793982394866129699099022395116",
"118596578560214821596537190928447478059",
"110758045214931665585886621880976166510",
"315046804131780643427817201950293831620",
"69003327806365117893764905865206933362",
"276484963004888179426856440409815840890",
"254390847891516376426673425278122936254"
]
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2023-53669-79df540e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c77a377877acbaf03cd7caa21d3644a5dd16301",
"target": {
"file": "net/core/skbuff.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"212863037043241447406424531664537109660",
"82856290350469859909047112811556844420",
"63434132142558404040887810062161415785",
"23371513992787319075742126083056681608",
"158266567521090766864140688667085630000",
"130558224653123646532907095556819997890",
"244892849380947186815275651196537218351",
"116377177145349667410804123047227633560",
"152689100226306714642124699369026063169",
"172933185346338568940675009722576663272",
"182453893714395486841402946415369740743",
"282085652586051697445427912239901573509",
"10177934885968249366693128284980068193",
"15600685704263383122972168692923631228",
"331709107873538412786822428595802093626",
"2801581793982394866129699099022395116",
"118596578560214821596537190928447478059",
"110758045214931665585886621880976166510",
"315046804131780643427817201950293831620",
"69003327806365117893764905865206933362",
"276484963004888179426856440409815840890",
"254390847891516376426673425278122936254"
]
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2023-53669-87cc556e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fa93e39fbb0566019c388a8038a4d58552e0910",
"target": {
"file": "net/core/skbuff.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"212863037043241447406424531664537109660",
"82856290350469859909047112811556844420",
"63434132142558404040887810062161415785",
"23371513992787319075742126083056681608",
"158266567521090766864140688667085630000",
"130558224653123646532907095556819997890",
"244892849380947186815275651196537218351",
"116377177145349667410804123047227633560",
"152689100226306714642124699369026063169",
"172933185346338568940675009722576663272",
"182453893714395486841402946415369740743",
"282085652586051697445427912239901573509",
"10177934885968249366693128284980068193",
"15600685704263383122972168692923631228",
"331709107873538412786822428595802093626",
"2801581793982394866129699099022395116",
"118596578560214821596537190928447478059",
"110758045214931665585886621880976166510",
"315046804131780643427817201950293831620",
"69003327806365117893764905865206933362",
"276484963004888179426856440409815840890",
"254390847891516376426673425278122936254"
]
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2023-53669-c4ffb81e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7e692df3933628d974acb9f5b334d2b3e885e2a6",
"target": {
"file": "net/core/skbuff.c",
"function": "skb_copy_ubufs"
},
"digest": {
"function_hash": "160821595308932000136377619005920771967",
"length": 1485.0
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-53669-f0a11a97",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f",
"target": {
"file": "net/core/skbuff.c",
"function": "skb_copy_ubufs"
},
"digest": {
"function_hash": "160821595308932000136377619005920771967",
"length": 1485.0
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
]
Git / github.com/gregkh/linux
Affected versions
v5.*
v5.19
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.2.15
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.3.1
v6.3.2