CVE-2023-53189
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-02
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
ipv6/addrconf: fix a potential refcount underflow for idev
Now in addrconf_mod_rs_timer(), reference idev depends on whether
rs_timer is not pending. Then modify rs_timer timeout.
There is a time gap in [1], during which if the pending rs_timer
becomes not pending. It will miss to hold idev, but the rs_timer
is activated. Thus rs_timer callback function addrconf_rs_timer()
will be executed and put idev later without holding idev. A refcount
underflow issue for idev can be caused by this.
if (!timer_pending(&idev->rs_timer))
in6_dev_hold(idev);
<--------------[1]
mod_timer(&idev->rs_timer, jiffies + when);
To fix the issue, hold idev if mod_timer() return 0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 3.10.105 (inc) to 4.14.322 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.291 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.251 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.188 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.121 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.40 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.4.5 (exc) |
| linux | linux_kernel | 6.5 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
