CVE-2023-54012
Stack Overflow in Linux Kernel netdev Feature Update Logic
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel occurs when disabling Large Receive Offload (LRO) on virtual interfaces such as team or bonding interfaces. The issue arises because the feature update propagation logic works recursively instead of iteratively due to the netdev notification mechanism. When the LRO feature is updated on a parent interface (e.g., team0), it triggers a NETDEV_FEAT_CHANGE event to its lower interfaces (e.g., team1 to team200). However, this event is also sent back to the upper interface, causing repeated notifications between upper and lower interfaces. This recursive notification leads to a stack overflow. The problem is not an infinite loop because synchronized interfaces skip redundant notifications, but the unexpected recursion causes the stack overflow.
How can this vulnerability impact me? :
This vulnerability can cause a stack overflow in the Linux kernel when disabling LRO on virtual interfaces like team or bonding interfaces. A stack overflow can lead to kernel crashes or instability, potentially causing denial of service or system disruptions on affected systems.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the conditions that trigger the stack overflow, specifically by creating a team interface with multiple lower interfaces and toggling the LRO feature. The following commands can be used to test for the vulnerability: ip link add team0 type team ethtool -K team0 lro on for i in {1..200} do ip link add team$i master team0 type team ethtool -K team$i lro on done ethtool -K team0 lro off If the system experiences a stack overflow or instability after running these commands, it indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the Linux kernel to a version where the vulnerability is fixed. The fix introduces the notifier_ctx member of bonding/team to prevent recursive notifications causing stack overflow. Until the update is applied, avoid disabling LRO on team or bonding interfaces with many lower interfaces to prevent triggering the issue.