| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122425-CVE-2023-53995-1860@gregkh> Date: Wed, 24 Dec 2025 11:56:39 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53995: net: ipv4: fix one memleak in __inet_del_ifa() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix one memleak in __inet_del_ifa() I got the below warning when do fuzzing test: unregister_netdevice: waiting for bond0 to become free. Usage count = 2 It can be repoduced via: ip link add bond0 type bond sysctl -w net.ipv4.conf.bond0.promote_secondaries=1 ip addr add 4.117.174.103/0 scope 0x40 dev bond0 ip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0 ip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0 ip addr del 4.117.174.103/0 scope 0x40 dev bond0 ip link delete bond0 type bond In this reproduction test case, an incorrect 'last_prim' is found in __inet_del_ifa(), as a result, the secondary address(0.0.0.4/0 scope 0x40) is lost. The memory of the secondary address is leaked and the reference of in_device and net_device is leaked. Fix this problem: Look for 'last_prim' starting at location of the deleted IP and inserting the promoted IP into the location of 'last_prim'. The Linux kernel CVE team has assigned CVE-2023-53995 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.15 with commit 0ff60a45678e67b2547256a636fd00c1667ce4fa and fixed in 5.4.257 with commit 5624f26a3574500ce23929cb2c9976a0dec9920a Issue introduced in 2.6.15 with commit 0ff60a45678e67b2547256a636fd00c1667ce4fa and fixed in 5.10.195 with commit 7c8ddcdab1b900bed69cad6beef477fff116289e Issue introduced in 2.6.15 with commit 0ff60a45678e67b2547256a636fd00c1667ce4fa and fixed in 5.15.132 with commit 2f1e86014d0cc084886c36a2d77bc620e2d42618 Issue introduced in 2.6.15 with commit 0ff60a45678e67b2547256a636fd00c1667ce4fa and fixed in 6.1.54 with commit 980f8445479814509a3cd55a8eabaae1c9030a4c Issue introduced in 2.6.15 with commit 0ff60a45678e67b2547256a636fd00c1667ce4fa and fixed in 6.5.4 with commit 42652af5360d30b43b06057c193739e7dfb18f42 Issue introduced in 2.6.15 with commit 0ff60a45678e67b2547256a636fd00c1667ce4fa and fixed in 6.6 with commit ac28b1ec6135649b5d78b028e47264cb3ebca5ea Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53995 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/ipv4/devinet.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5624f26a3574500ce23929cb2c9976a0dec9920a https://git.kernel.org/stable/c/7c8ddcdab1b900bed69cad6beef477fff116289e https://git.kernel.org/stable/c/2f1e86014d0cc084886c36a2d77bc620e2d42618 https://git.kernel.org/stable/c/980f8445479814509a3cd55a8eabaae1c9030a4c https://git.kernel.org/stable/c/42652af5360d30b43b06057c193739e7dfb18f42 https://git.kernel.org/stable/c/ac28b1ec6135649b5d78b028e47264cb3ebca5ea
Powered by blists - more mailing lists