CVE-2023-53669
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-07

Last updated on: 2026-02-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: tcp: fix skb_copy_ubufs() vs BIG TCP David Ahern reported crashes in skb_copy_ubufs() caused by TCP tx zerocopy using hugepages, and skb length bigger than ~68 KB. skb_copy_ubufs() assumed it could copy all payload using up to MAX_SKB_FRAGS order-0 pages. This assumption broke when BIG TCP was able to put up to 512 KB per skb. We did not hit this bug at Google because we use CONFIG_MAX_SKB_FRAGS=45 and limit gso_max_size to 180000. A solution is to use higher order pages if needed. v2: add missing __GFP_COMP, or we leak memory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-07
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2025-10-07
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53669
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a bug in the Linux kernel's TCP networking code, specifically in the skb_copy_ubufs() function. The function incorrectly assumed it could copy all TCP payload data using only small memory pages (order-0 pages). However, with the introduction of BIG TCP, which allows much larger TCP segments (up to 512 KB), this assumption fails when the skb (socket buffer) length exceeds about 68 KB. This mismatch can cause crashes when TCP zero-copy transmission uses hugepages. The fix involves using higher order memory pages when needed and adding missing flags to prevent memory leaks.

Impact Analysis

This vulnerability can cause crashes in the Linux kernel's TCP networking stack when handling large TCP segments with zero-copy transmission using hugepages. Such crashes can lead to system instability, potential denial of service, or unexpected behavior in network communication on affected systems.

Mitigation Strategies

Apply the Linux kernel patch that fixes skb_copy_ubufs() to properly handle BIG TCP by using higher order pages as needed. Additionally, consider configuring or limiting gso_max_size and CONFIG_MAX_SKB_FRAGS to values that avoid triggering the bug, similar to the approach used at Google (e.g., CONFIG_MAX_SKB_FRAGS=45 and gso_max_size=180000).

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53669. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart