CVE-2023-54273 — Deployment of Wrong Handler in Linux

CWE-430 — Deployment of Wrong Handler7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 92.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev reference tracker is already initialized, but released with wrong *_put() call.

Affected Packages3 packages

▶Linuxlinux/linux_kernel6.2.0 — 6.3.4

▶CVEListV5linux/linux919e43fad5163a8ceb39826ecdee897a9f799351 — 7d16c515059b3746f2d6a24a74c3ba786a68c2a1+2

▶debiandebian/linux

🔴Vulnerability Details

GHSA

GHSA-c9xp-xhgq-2rj5: In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev refer↗2025-12-30

▶

OSV

CVE-2023-54273: In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix leak of dev tracker At the stage of direction checks, the netdev referen↗2025-12-30

▶

OSV

xfrm: Fix leak of dev tracker↗2025-12-30

▶

📋Vendor Advisories

Red Hat

kernel: Linux kernel: Denial of Service due to xfrm resource leak↗2025-12-30

▶

Debian

CVE-2023-54273: linux - In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix l...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54273 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶