CVE-2023-53669
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-02-26
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a bug in the Linux kernel's TCP networking code, specifically in the skb_copy_ubufs() function. The function incorrectly assumed it could copy all TCP payload data using only small memory pages (order-0 pages). However, with the introduction of BIG TCP, which allows much larger TCP segments (up to 512 KB), this assumption fails when the skb (socket buffer) length exceeds about 68 KB. This mismatch can cause crashes when TCP zero-copy transmission uses hugepages. The fix involves using higher order memory pages when needed and adding missing flags to prevent memory leaks.
How can this vulnerability impact me? :
This vulnerability can cause crashes in the Linux kernel's TCP networking stack when handling large TCP segments with zero-copy transmission using hugepages. Such crashes can lead to system instability, potential denial of service, or unexpected behavior in network communication on affected systems.
What immediate steps should I take to mitigate this vulnerability?
Apply the Linux kernel patch that fixes skb_copy_ubufs() to properly handle BIG TCP by using higher order pages as needed. Additionally, consider configuring or limiting gso_max_size and CONFIG_MAX_SKB_FRAGS to values that avoid triggering the bug, similar to the approach used at Google (e.g., CONFIG_MAX_SKB_FRAGS=45 and gso_max_size=180000).