CVE-2023-53995
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-12-24

Last updated on: 2025-12-29

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bond0 to become free. Usage count = 2 It can be repoduced via: ip link add bond0 type bond sysctl -w net.ipv4.conf.bond0.promote_secondaries=1 ip addr add 4.117.174.103/0 scope 0x40 dev bond0 ip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0 ip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0 ip addr del 4.117.174.103/0 scope 0x40 dev bond0 ip link delete bond0 type bond In this reproduction test case, an incorrect 'last_prim' is found in __inet_del_ifa(), as a result, the secondary address(0.0.0.4/0 scope 0x40) is lost. The memory of the secondary address is leaked and the reference of in_device and net_device is leaked. Fix this problem: Look for 'last_prim' starting at location of the deleted IP and inserting the promoted IP into the location of 'last_prim'.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-29
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53995
EUVD
EUVD-2025-205164
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's IPv4 networking code, specifically in the function __inet_del_ifa(). When deleting an IP address from a bonded network interface (bond0), an incorrect 'last_prim' pointer causes the secondary IP address to be lost without properly freeing its memory. This results in leaked memory and leaked references to network device structures.


How can this vulnerability impact me? :

The impact of this vulnerability is that it causes memory leaks in the kernel when managing IP addresses on bonded network interfaces. Over time, this can lead to increased memory usage and potentially degrade system performance or stability due to unreleased memory and references.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by reproducing the conditions that trigger the memory leak in the Linux kernel's __inet_del_ifa() function. The following commands can be used to test for the issue: ip link add bond0 type bond sysctl -w net.ipv4.conf.bond0.promote_secondaries=1 ip addr add 4.117.174.103/0 scope 0x40 dev bond0 ip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0 ip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0 ip addr del 4.117.174.103/0 scope 0x40 dev bond0 ip link delete bond0 type bond If during this test you observe warnings such as "unregister_netdevice: waiting for bond0 to become free. Usage count = 2", it indicates the presence of the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, apply the fix that corrects the handling of 'last_prim' in the __inet_del_ifa() function. This involves ensuring that when an IP address is deleted, the promoted IP is inserted into the location of 'last_prim' to prevent memory leaks of secondary addresses and references. Practically, this means updating your Linux kernel to a version where this fix is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart