CVE-2023-53821: Expired Pointer Dereference in Linux

Severity: 7.0 HIGH (no vector)
EPSS: 0.0% (top 85.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

ip6_vti: fix slab-use-after-free in decode_session6

When an ipv6_vti device is set to a qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then a slab-use-after-free may occur when the ipv6_vti device sends IPv6 packets. The stack information is as follows:

BUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890
Read of size 1 at addr ffff88802e08edc2 by task swapper/0/0
CPU: 0 PID: 0 Com

Affected Packages (4 packages)

Source     | Package             | Affected versions / fix commits
Linux      | linux/linux_kernel  | 3.19.0, 4.14.324, +6 more
Debian     | linux/linux_kernel  | < 5.10.197-1, +3 more
CVEListV5  | linux/linux         | f855691975bb06373a98711e4cfe2c224244b536, 0f0ab8d52ee0062b28367dea23c29e254a26d7db, +8 more
debian     | debian/linux        | < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: ip6_vti: fix slab-use-after-free in decode_session6 (2025-12-09)
GHSA: GHSA-j65p-q5f6-5q5p: In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set (2025-12-09)
OSV: CVE-2023-53821: In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set to (2025-12-09)

📋 Vendor Advisories (2)

Red Hat: kernel: ip6_vti: fix slab-use-after-free in decode_session6 (2025-12-09)
Debian: CVE-2023-53821: linux - In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fi... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-53821 Impact, Exploitability, and Mitigation Steps | Wiz