CVE-2023-53426
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

xsk: Fix xsk_diag use-after-free error during socket cleanup

Fix a use-after-free error that is possible if the xsk_diag interface is used after the socket has been unbound from the device. This can happen either due to the socket being closed or the device disappearing. In the early days of AF_XDP, the way we tested that a socket was not bound to a device was to simply check if the netdevice pointer in the xsk socket structure was NULL. Later, a better system was introduced by having an explicit state variable in the xsk socket struct. For example, the state of a socket that is on the way to being closed and has been unbound from the device is XSK_UNBOUND.

The commit in the Fixes tag below deleted the old way of signalling that a socket is unbound, setting dev to NULL. This in the belief that all code using the old way had been exterminated. That was unfortunately not true as the xsk diagnostics code was still using the old way and thus does not work as intended when a socket is going down. Fix this by introducing a test against the state variable. If the socket is in the state XSK_UNBOUND, simply abort the diagnostic's netlink operation.
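The two unbound-socket tests contrasted in the description, as a userspace model added here for illustration; it is not the kernel's code. Every name except XSK_UNBOUND is hypothetical, and the released device is represented by an `alive` flag so that no freed memory is actually touched.

```c
#include <stdio.h>

/* Userspace model only: every name except XSK_UNBOUND is hypothetical. */
enum xsk_state_model { XSK_BOUND, XSK_UNBOUND };
enum diag_result { DIAG_OK, DIAG_ABORTED, DIAG_STALE_DEREF };

struct net_dev_model { int alive; };   /* stands in for the netdevice */
struct xsk_model {
    struct net_dev_model *dev;         /* no longer reset to NULL on unbind */
    enum xsk_state_model state;        /* explicit state variable */
};

static void xsk_bind(struct xsk_model *xs, struct net_dev_model *d)
{
    xs->dev = d;
    xs->state = XSK_BOUND;
}

/* Unbind as described: state changes, device goes away, pointer stays set. */
static void xsk_unbind(struct xsk_model *xs)
{
    xs->state = XSK_UNBOUND;
    xs->dev->alive = 0;                /* models the device being released */
}

/* Old test: "dev == NULL means unbound". Never true after xsk_unbind(). */
static enum diag_result diag_old(const struct xsk_model *xs)
{
    if (xs->dev == NULL)
        return DIAG_ABORTED;
    return xs->dev->alive ? DIAG_OK : DIAG_STALE_DEREF;
}

/* Fixed test: abort the diagnostic when the state is XSK_UNBOUND. */
static enum diag_result diag_fixed(const struct xsk_model *xs)
{
    if (xs->state == XSK_UNBOUND)
        return DIAG_ABORTED;
    return xs->dev->alive ? DIAG_OK : DIAG_STALE_DEREF;
}

int main(void)
{
    struct net_dev_model d = { .alive = 1 };
    struct xsk_model xs;
    xsk_bind(&xs, &d);
    xsk_unbind(&xs);
    /* Old check reports a stale dereference, fixed check aborts. */
    printf("old=%d fixed=%d\n", diag_old(&xs), diag_fixed(&xs));
}
```

In the model, `DIAG_STALE_DEREF` marks the point where the diagnostics path would read through a pointer to a device that is already gone.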
Meta Information

Published: 2025-09-18
Last Modified: 2025-12-11
Generated: 2026-05-07
AI Q&A: 2025-09-18
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.33 (inc) to 5.15.132 (exc)
linux linux_kernel From 5.16.19 (inc) to 5.17 (exc)
linux linux_kernel From 5.17.2 (inc) to 6.1.54 (exc)
linux linux_kernel From 6.2 (inc) to 6.5.4 (exc)
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free error in the Linux kernel's xsk_diag interface. It occurs when the interface is used after the socket has been unbound from the device, such as when the socket is closed or the device disappears. The issue arose because the xsk diagnostics code was still using an outdated method to check if a socket was unbound, leading to improper handling and potential errors during socket cleanup. The fix involves checking the socket's explicit state variable to properly detect when a socket is unbound and aborting the diagnostic operation if so.


How can this vulnerability impact me?

This vulnerability can cause errors or crashes in the Linux kernel when the xsk_diag interface is used improperly after a socket has been unbound. Such use-after-free errors can lead to instability or unexpected behavior in systems relying on AF_XDP sockets, potentially affecting network operations or system reliability.

