CVE-2023-53836: Improper Update of Reference Count in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 90.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix skb refcnt race after locking changes

There is a race where skb's from the sk_psock_backlog can be referenced after userspace side has already skb_consumed() the sk_buff and its refcnt dropped to zero causing use after free.

The flow is the following:

    while ((skb = skb_peek(&psock->ingress_skb))
      sk_psock_handle_skb(psock, skb, ..., ingress)
      if (!ingress) ...
      sk_psock_skb_ingress
        sk_psock_skb_ingress_enqueue

Affected Packages (4 packages)

Linux: linux/linux_kernel 5.13.0 5.15.189 +2
Debian: linux/linux_kernel < 6.1.55-1 +2
CVEListV5: linux/linux 799aa7f98d53e0f541fa6b4dc9aa47b4ff2178e3 65ad600b9bde68d2d28709943ab00b51ca8f0a1d +4
debian: debian/linux < linux 6.1.55-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: bpf, sockmap: Fix skb refcnt race after locking changes (2025-12-09)
OSV: CVE-2023-53836: In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix skb refcnt race after locking changes There is a race where skb' (2025-12-09)
GHSA: GHSA-hvcx-h3h8-m36g: In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix skb refcnt race after locking changes There is a race where sk (2025-12-09)

📋 Vendor Advisories (2)

Red Hat: kernel: bpf, sockmap: Fix skb refcnt race after locking changes (2025-12-09)
Debian: CVE-2023-53836: linux - In the Linux kernel, the following vulnerability has been resolved: bpf, sockma... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-53836 Impact, Exploitability, and Mitigation Steps | Wiz