CVE-2023-53585: Improper Update of Reference Count in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 97.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 4

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: reject unhashed sockets in bpf_sk_assign

The semantics for bpf_sk_assign are as follows:

    sk = some_lookup_func()
    bpf_sk_assign(skb, sk)
    bpf_sk_release(sk)

That is, the sk is not consumed by bpf_sk_assign. The function therefore needs to make sure that sk lives long enough to be consumed from __inet_lookup_skb. The path through the stack for a TCPv4 packet is roughly:

    netif_receive_skb_core: takes RCU read lock
    __netif_

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

Source: package, affected versions
NVD: linux/linux_kernel, 5.7 to 5.10.195 (+4 more ranges)
Debian: linux/linux_kernel, < 5.10.197-1 (+3 more)
CVEListV5: linux/linux, cf7fbe660f2dbd738ab58aea8e9b0ca6ad232449 to 791a12102e5191dcb6ce0b3a99d71b5a2802d12a (+6 more)
debian: debian/linux, < linux 6.1.55-1 (bookworm)

Patches

Vulnerability Details (2)

OSV (2025-10-04): CVE-2023-53585: In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpf_sk_assign The semantics for bpf_sk_assign are
GHSA (2025-10-04): GHSA-39wr-crm4-gxmv: In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpf_sk_assign The semantics for bpf_sk_assign ar

Vendor Advisories (2)

Red Hat (2025-10-04): kernel: bpf: reject unhashed sockets in bpf_sk_assign
Debian (2023): CVE-2023-53585: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: reject...