CVE-2023-53426: Use After Free in Linux

Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 95.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 18

Description

In the Linux kernel, the following vulnerability has been resolved:

xsk: Fix xsk_diag use-after-free error during socket cleanup

Fix a use-after-free error that is possible if the xsk_diag interface is used after the socket has been unbound from the device. This can happen either due to the socket being closed or the device disappearing. In the early days of AF_XDP, the way we tested that a socket was not bound to a device was to simply check if the netdevice pointer in the xsk socket structur

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | linux/linux_kernel | 5.15.33 | 5.15.132 | +3
Debian | linux/linux_kernel | < 6.1.55-1 | +2
CVEListV5 | linux/linux | ad7219cd8751bd258b9d1e69ae0654ec00f71875 | 5979985f2d6b565b6cf0f79a62670a2855c0e96c | +6
debian | debian/linux | < linux 6.1.55-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

OSV
CVE-2023-53426: In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xsk_diag use-after-free error during socket cleanup Fix a use-after-free (2025-09-18)
GHSA
GHSA-26wc-246g-r3wf: In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xsk_diag use-after-free error during socket cleanup Fix a use-after-fre (2025-09-18)

📋 Vendor Advisories (2)

Red Hat
kernel: Linux kernel: Denial of Service in xsk_diag due to use-after-free during socket cleanup (2025-09-18)
Debian
CVE-2023-53426: linux - In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xs... (2023)

💬 Community (1)

Bugzilla
CVE-2023-53426 kernel: Linux kernel: Denial of Service in xsk_diag due to use-after-free during socket cleanup (2025-09-18)