In the Linux kernel, the following vulnerability has been resolved:

ipv6: Add lwtunnel encap size of all siblings in nexthop calculation

In function rt6_nlmsg_size(), the length of nexthop is calculated by multiplying the nexthop length of fib6_info and the number of siblings. However if the fib6_info has no lwtunnel but the siblings have lwtunnels, the nexthop length is less than it should be, and it will trigger a warning in inet6_rt_notify() as follows:

    WARNING: CPU: 0 PID: 6082 at net/ipv6/route.c:6180 inet6_rt_notify+0x120/0x130
    ......
    Call Trace:
     <TASK>
     fib6_add_rt2node+0x685/0xa30
     fib6_add+0x96/0x1b0
     ip6_route_add+0x50/0xd0
     inet6_rtm_newroute+0x97/0xa0
     rtnetlink_rcv_msg+0x156/0x3d0
     netlink_rcv_skb+0x5a/0x110
     netlink_unicast+0x246/0x350
     netlink_sendmsg+0x250/0x4c0
     sock_sendmsg+0x66/0x70
     ___sys_sendmsg+0x7c/0xd0
     __sys_sendmsg+0x5d/0xb0
     do_syscall_64+0x3f/0x90
     entry_SYSCALL_64_after_hwframe+0x72/0xdc

This bug can be reproduced by script:

    ip -6 addr add 2002::2/64 dev ens2
    ip -6 route add 100::/64 via 2002::1 dev ens2 metric 100

    for i in 10 20 30 40 50 60 70; do
        ip link add link ens2 name ipv$i type ipvlan
        ip -6 addr add 2002::$i/64 dev ipv$i
        ifconfig ipv$i up
    done

    for i in 10 20 30 40 50 60; do
        ip -6 route append 100::/64 encap ip6 dst 2002::$i via 2002::1 dev ipv$i metric 100
    done

    ip -6 route append 100::/64 via 2002::1 dev ipv70 metric 100

This patch fixes it by adding nexthop_len of every sibling using rt6_nh_nlmsg_size().
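
The size mismatch described above, as an added user-space model (not kernel code and not part of the original advisory): it compares the multiply-by-sibling-count estimate with the per-sibling sum, then runs a fill step against each buffer size. The struct, function names and byte sizes (NH_BASE_LEN, ENCAP_LEN) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model. Byte sizes are constructed, not the kernel's values. */
#define NH_BASE_LEN 32   /* assumed fixed attribute space per nexthop */
#define ENCAP_LEN   40   /* assumed lwtunnel encap attribute space */
#define NSIB        7    /* siblings of the newly appended route */

struct nh_model { size_t encap_len; };   /* 0 = nexthop without lwtunnel */

static size_t nh_len(const struct nh_model *nh) { return NH_BASE_LEN + nh->encap_len; }

/* Before the fix: the notified route's own length stands in for every sibling. */
static size_t size_before_fix(const struct nh_model *rt, size_t nsib)
{
    return nh_len(rt) + nh_len(rt) * nsib;
}

/* After the fix: each sibling contributes its own length. */
static size_t size_after_fix(const struct nh_model *rt,
                             const struct nh_model *sib, size_t nsib)
{
    size_t total = nh_len(rt);
    for (size_t i = 0; i < nsib; i++)
        total += nh_len(&sib[i]);
    return total;
}

/* Fill step: returns -1 when the buffer runs out (the case that warns). */
static int fill_nexthops(size_t buf_len, const struct nh_model *rt,
                         const struct nh_model *sib, size_t nsib)
{
    size_t used = nh_len(rt);
    for (size_t i = 0; i < nsib && used <= buf_len; i++)
        used += nh_len(&sib[i]);
    return used <= buf_len ? 0 : -1;
}

/* Route set from the reproduction script: the last appended route (ipv70)
 * has no encap; its siblings are ens2 (no encap) and six encap routes. */
static const struct nh_model new_route = { 0 };
static const struct nh_model siblings[NSIB] = { { 0 }, { ENCAP_LEN },
    { ENCAP_LEN }, { ENCAP_LEN }, { ENCAP_LEN }, { ENCAP_LEN }, { ENCAP_LEN } };

int main(void)
{
    size_t b = size_before_fix(&new_route, NSIB);
    size_t a = size_after_fix(&new_route, siblings, NSIB);
    printf("before: %zu bytes, fill=%d\n", b, fill_nexthops(b, &new_route, siblings, NSIB));
    printf("after:  %zu bytes, fill=%d\n", a, fill_nexthops(a, &new_route, siblings, NSIB));
    return 0;
}
```

The shortfall only appears when the route being notified lacks an encap that its siblings carry, which is why the script appends the plain ipv70 route last.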