CVE-2023-53477
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-02
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's IPv6 implementation involves incorrect calculation of the nexthop length in the routing code when some sibling routes have lightweight tunnels (lwtunnels) and others do not. Specifically, the function rt6_nlmsg_size() multiplies the nexthop length of fib6_info by the number of siblings, but if fib6_info has no lwtunnel while siblings do, the calculated length is less than it should be. This causes a warning in inet6_rt_notify() and can lead to unexpected behavior in route handling. The issue is fixed by correctly adding the nexthop length of all siblings.
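The size mismatch described above, as an added example (a simplified C model written for this page, not the kernel's code). The struct, the function names, `NH_BASE_LEN` and the 48-byte encap length are assumptions chosen for illustration; the sample group mirrors the mix of plain and encap routes in the reproduction commands.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of one nexthop; sizes are constructed, not real netlink sizes. */
struct nexthop {
    int has_lwtunnel;   /* 1 if the route was added with "encap ..." */
    size_t encap_len;   /* bytes of encap attributes, 0 without lwtunnel */
};
#define NH_BASE_LEN 28  /* assumed fixed per-nexthop cost (hypothetical) */

/* Bytes one nexthop contributes to the notification message. */
static size_t nh_len(const struct nexthop *nh)
{
    return NH_BASE_LEN + (nh->has_lwtunnel ? nh->encap_len : 0);
}

/* Buggy behaviour: size the group from the notifying entry alone, times the count. */
static size_t estimate_buggy(const struct nexthop *self, size_t count)
{
    return nh_len(self) * count;
}

/* Fixed behaviour: add up every nexthop's own length. */
static size_t estimate_fixed(const struct nexthop *group, size_t count)
{
    size_t total = 0;
    for (size_t i = 0; i < count; i++)
        total += nh_len(&group[i]);
    return total;
}

/* Returns how many bytes short the buggy estimate is (0 if sufficient). */
static size_t shortfall(const struct nexthop *group, size_t count, size_t self_idx)
{
    size_t need = estimate_fixed(group, count);
    size_t have = estimate_buggy(&group[self_idx], count);
    return need > have ? need - have : 0;
}

/* Constructed sample: one plain route, six routes with encap, then a final
 * plain route whose addition triggers the notification. */
static const struct nexthop sample_group[8] = {
    {0, 0}, {1, 48}, {1, 48}, {1, 48}, {1, 48}, {1, 48}, {1, 48}, {0, 0},
};

int main(void)
{
    printf("short by %zu bytes\n", shortfall(sample_group, 8, 7));
    return 0;
}
```

When the notifying entry is one of the encap routes instead, the multiplied estimate is too large rather than too small, which is why the shortfall only appears when the entry without an lwtunnel is the one being sized.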
How can this vulnerability impact me?
This vulnerability can cause warnings and potentially incorrect behavior in IPv6 routing within the Linux kernel, which might affect network stability or routing correctness on affected systems. It could lead to unexpected kernel warnings or errors when managing IPv6 routes involving lightweight tunnels, possibly impacting network functionality or performance.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing kernel warning messages related to inet6_rt_notify(), specifically warnings like:

```
WARNING: CPU: 0 PID: XXXX at net/ipv6/route.c:6180 inet6_rt_notify+0x120/0x130
```

You can also reproduce the bug using the provided script commands that add IPv6 addresses, routes, and ipvlan interfaces, which trigger the issue. The key commands involved are:

```sh
ip -6 addr add 2002::2/64 dev ens2
ip -6 route add 100::/64 via 2002::1 dev ens2 metric 100

for i in 10 20 30 40 50 60 70; do
    ip link add link ens2 name ipv_$i type ipvlan
    ip -6 addr add 2002::$i/64 dev ipv_$i
    ifconfig ipv_$i up
done

for i in 10 20 30 40 50 60; do
    ip -6 route append 100::/64 encap ip6 dst 2002::$i via 2002::1 dev ipv_$i metric 100
done

ip -6 route append 100::/64 via 2002::1 dev ipv_70 metric 100
```
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to apply the patch that fixes the calculation of nexthop length by adding the nexthop_len of every sibling using rt6_nh_nlmsg_size(). Until patched, avoid configurations that create multiple siblings with lwtunnels in fib6_info to prevent triggering the warning and potential instability.