CVE-2023-53999
Memory Leak in Linux Kernel mlx5e TC Internal Port Handling
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mlx5 | mlx5_core | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's mlx5e driver related to internal port handling in traffic control (TC). Specifically, when flow rules are split and extra post-action rules are added, the internal port object's reference count is incremented but never decremented, causing the internal port memory to never be freed. This happens when packets are forwarded from an internal port over a tunnel, for example, when connection tracking 'new' state offload is allowed. The issue was fixed by moving the internal port cleanup code to the flow attribute free helper, ensuring proper memory release.
How can this vulnerability impact me?
This vulnerability can cause a memory leak in the Linux kernel, which may lead to increased memory usage over time and potentially degrade system performance or stability. If the memory leak is severe, it could exhaust system memory resources, causing crashes or denial of service conditions on affected systems using the mlx5e driver for network traffic control.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring kmemleak reports for unreferenced objects related to the mlx5e driver, specifically looking for memory leaks involving internal port objects. The kmemleak output includes details such as the process name (e.g., "handler20"), PID, and backtrace involving mlx5_core functions. To detect this, you can enable kmemleak in the Linux kernel and check its reports. Commands to enable and check kmemleak include:

1. Enable kmemleak (if not already enabled): echo scan > /sys/kernel/debug/kmemleak
2. Check kmemleak report: cat /sys/kernel/debug/kmemleak

Look for entries similar to the reported unreferenced object with backtrace involving mlx5_core functions.
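The kmemleak check described above can be scripted. The following is an added example, not part of the original advisory or the kernel project: a shell filter that keeps only the kmemleak records whose backtrace touches mlx5_core and tallies them per task. The function names, the sample report and its symbol names are constructed for illustration; reading the real debugfs file assumes root and a kernel built with CONFIG_DEBUG_KMEMLEAK.

```shell
#!/bin/sh
# Added example: keep only kmemleak records whose backtrace touches mlx5_core.

# Print each "unreferenced object" record that mentions [mlx5_core].
# $1 = report file; defaults to the debugfs path named on this page.
mlx5_leaks() {
    awk '
        function emit() { if (hit) printf "%s", rec }
        /^unreferenced object / { emit(); rec = ""; hit = 0 }
        { rec = rec $0 "\n" }
        /\[mlx5_core\]/ { hit = 1 }
        END { emit() }
    ' "${1:-/sys/kernel/debug/kmemleak}"
}

# Number of matching records (grep -c exits 1 on zero matches, hence || true).
count_mlx5_leaks() {
    mlx5_leaks "$1" | grep -c '^unreferenced object ' || true
}

# "<count> <comm>" per leaking task, e.g. the "handler20" thread cited above.
mlx5_leak_summary() {
    mlx5_leaks "$1" | awk -F'"' '/^ *comm "/ { n[$2]++ }
        END { for (c in n) print n[c], c }'
}

# Constructed sample report: addresses and symbol names are placeholders.
write_sample_report() {
    cat > "$1" <<'EOF'
unreferenced object 0xffff888100000000 (size 64):
  comm "handler20", pid 1000, jiffies 4294900000 (age 100.000s)
  backtrace:
    [<0000000000000001>] example_alloc+0x10/0x20
    [<0000000000000002>] example_int_port_get+0x30/0x40 [mlx5_core]
unreferenced object 0xffff888100000100 (size 32):
  comm "kworker/0:1", pid 20, jiffies 4294900100 (age 99.000s)
  backtrace:
    [<0000000000000003>] example_other+0x10/0x20 [other_mod]
unreferenced object 0xffff888100000200 (size 64):
  comm "handler20", pid 1000, jiffies 4294900200 (age 98.000s)
  backtrace:
    [<0000000000000002>] example_int_port_get+0x30/0x40 [mlx5_core]
EOF
}

# Usage on a live host (as root): mlx5_leak_summary
```

A count that keeps growing between scans while the offloaded traffic described above is flowing is the signal to look for; a single stable entry can be a kmemleak false positive.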
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix where the internal port cleanup code is moved to the flow attribute free helper, ensuring proper decrement of reference counts and preventing memory leaks. Until the patch is applied, monitor kmemleak reports to detect memory leaks and consider limiting or disabling features that trigger the vulnerability, such as CT 'new' state offload in the mlx5e driver, if possible.