CVE-2023-53669

Source
https://cve.org/CVERecord?id=CVE-2023-53669
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53669.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53669
Published
2025-10-07T15:21:26.896Z
Modified
2026-03-20T12:33:17.051949Z
Summary
tcp: fix skb_copy_ubufs() vs BIG TCP
Details

In the Linux kernel, the following vulnerability has been resolved:

tcp: fix skb_copy_ubufs() vs BIG TCP

David Ahern reported crashes in skb_copy_ubufs() caused by TCP tx zerocopy using hugepages, and skb length bigger than ~68 KB.

skb_copy_ubufs() assumed it could copy all payload using up to MAX_SKB_FRAGS order-0 pages.

This assumption broke when BIG TCP was able to put up to 512 KB per skb.

We did not hit this bug at Google because we use CONFIG_MAX_SKB_FRAGS=45 and limit gso_max_size to 180000.

A solution is to use higher order pages if needed.

v2: add missing __GFP_COMP, or we leak memory.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53669.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7c4e983c4f3cf94fcd879730c6caa877e0768a4d
Fixed
7fa93e39fbb0566019c388a8038a4d58552e0910
Fixed
3c77a377877acbaf03cd7caa21d3644a5dd16301
Fixed
9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f
Fixed
7e692df3933628d974acb9f5b334d2b3e885e2a6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53669.json"