CVE-2023-53995 (GCVE-0-2023-53995)

Vulnerability from cvelistv5 – Published: 2025-12-24 10:55 – Updated: 2025-12-24 10:55
Title
net: ipv4: fix one memleak in __inet_del_ifa()
Summary
In the Linux kernel, the following vulnerability has been resolved:

net: ipv4: fix one memleak in __inet_del_ifa()

I got the below warning when doing a fuzzing test:

    unregister_netdevice: waiting for bond0 to become free. Usage count = 2

It can be reproduced via:

    ip link add bond0 type bond
    sysctl -w net.ipv4.conf.bond0.promote_secondaries=1
    ip addr add 4.117.174.103/0 scope 0x40 dev bond0
    ip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0
    ip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0
    ip addr del 4.117.174.103/0 scope 0x40 dev bond0
    ip link delete bond0 type bond

In this reproduction test case, an incorrect 'last_prim' is found in __inet_del_ifa(), as a result, the secondary address (0.0.0.4/0 scope 0x40) is lost. The memory of the secondary address is leaked and the reference of in_device and net_device is leaked.

Fix this problem: Look for 'last_prim' starting at location of the deleted IP and inserting the promoted IP into the location of 'last_prim'.
Severity
No CVSS data available.
Impacted products
Vendor  Product  Version
Linux   Linux    Affected: 0ff60a45678e67b2547256a636fd00c1667ce4fa, < 5624f26a3574500ce23929cb2c9976a0dec9920a (git)
                 Affected: 0ff60a45678e67b2547256a636fd00c1667ce4fa, < 7c8ddcdab1b900bed69cad6beef477fff116289e (git)
                 Affected: 0ff60a45678e67b2547256a636fd00c1667ce4fa, < 2f1e86014d0cc084886c36a2d77bc620e2d42618 (git)
                 Affected: 0ff60a45678e67b2547256a636fd00c1667ce4fa, < 980f8445479814509a3cd55a8eabaae1c9030a4c (git)
                 Affected: 0ff60a45678e67b2547256a636fd00c1667ce4fa, < 42652af5360d30b43b06057c193739e7dfb18f42 (git)
                 Affected: 0ff60a45678e67b2547256a636fd00c1667ce4fa, < ac28b1ec6135649b5d78b028e47264cb3ebca5ea (git)
Linux   Linux    Affected: 2.6.15
                 Unaffected: 0, < 2.6.15 (semver)
                 Unaffected: 5.4.257, ≤ 5.4.* (semver)
                 Unaffected: 5.10.195, ≤ 5.10.* (semver)
                 Unaffected: 5.15.132, ≤ 5.15.* (semver)
                 Unaffected: 6.1.54, ≤ 6.1.* (semver)
                 Unaffected: 6.5.4, ≤ 6.5.* (semver)
                 Unaffected: 6.6, ≤ * (original_commit_for_fix)

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/devinet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5624f26a3574500ce23929cb2c9976a0dec9920a",
              "status": "affected",
              "version": "0ff60a45678e67b2547256a636fd00c1667ce4fa",
              "versionType": "git"
            },
            {
              "lessThan": "7c8ddcdab1b900bed69cad6beef477fff116289e",
              "status": "affected",
              "version": "0ff60a45678e67b2547256a636fd00c1667ce4fa",
              "versionType": "git"
            },
            {
              "lessThan": "2f1e86014d0cc084886c36a2d77bc620e2d42618",
              "status": "affected",
              "version": "0ff60a45678e67b2547256a636fd00c1667ce4fa",
              "versionType": "git"
            },
            {
              "lessThan": "980f8445479814509a3cd55a8eabaae1c9030a4c",
              "status": "affected",
              "version": "0ff60a45678e67b2547256a636fd00c1667ce4fa",
              "versionType": "git"
            },
            {
              "lessThan": "42652af5360d30b43b06057c193739e7dfb18f42",
              "status": "affected",
              "version": "0ff60a45678e67b2547256a636fd00c1667ce4fa",
              "versionType": "git"
            },
            {
              "lessThan": "ac28b1ec6135649b5d78b028e47264cb3ebca5ea",
              "status": "affected",
              "version": "0ff60a45678e67b2547256a636fd00c1667ce4fa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/devinet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.15"
            },
            {
              "lessThan": "2.6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.257",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.132",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.257",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.195",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.132",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.54",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.4",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix one memleak in __inet_del_ifa()\n\nI got the below warning when do fuzzing test:\nunregister_netdevice: waiting for bond0 to become free. Usage count = 2\n\nIt can be repoduced via:\n\nip link add bond0 type bond\nsysctl -w net.ipv4.conf.bond0.promote_secondaries=1\nip addr add 4.117.174.103/0 scope 0x40 dev bond0\nip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0\nip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0\nip addr del 4.117.174.103/0 scope 0x40 dev bond0\nip link delete bond0 type bond\n\nIn this reproduction test case, an incorrect \u0027last_prim\u0027 is found in\n__inet_del_ifa(), as a result, the secondary address(0.0.0.4/0 scope 0x40)\nis lost. The memory of the secondary address is leaked and the reference of\nin_device and net_device is leaked.\n\nFix this problem:\nLook for \u0027last_prim\u0027 starting at location of the deleted IP and inserting\nthe promoted IP into the location of \u0027last_prim\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-24T10:55:32.713Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5624f26a3574500ce23929cb2c9976a0dec9920a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c8ddcdab1b900bed69cad6beef477fff116289e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f1e86014d0cc084886c36a2d77bc620e2d42618"
        },
        {
          "url": "https://git.kernel.org/stable/c/980f8445479814509a3cd55a8eabaae1c9030a4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/42652af5360d30b43b06057c193739e7dfb18f42"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac28b1ec6135649b5d78b028e47264cb3ebca5ea"
        }
      ],
      "title": "net: ipv4: fix one memleak in __inet_del_ifa()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53995",
    "datePublished": "2025-12-24T10:55:32.713Z",
    "dateReserved": "2025-12-24T10:53:46.176Z",
    "dateUpdated": "2025-12-24T10:55:32.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-53995\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T11:15:52.403\",\"lastModified\":\"2025-12-29T15:58:56.260\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: ipv4: fix one memleak in __inet_del_ifa()\\n\\nI got the below warning when do fuzzing test:\\nunregister_netdevice: waiting for bond0 to become free. Usage count = 2\\n\\nIt can be repoduced via:\\n\\nip link add bond0 type bond\\nsysctl -w net.ipv4.conf.bond0.promote_secondaries=1\\nip addr add 4.117.174.103/0 scope 0x40 dev bond0\\nip addr add 192.168.100.111/255.255.255.254 scope 0 dev bond0\\nip addr add 0.0.0.4/0 scope 0x40 secondary dev bond0\\nip addr del 4.117.174.103/0 scope 0x40 dev bond0\\nip link delete bond0 type bond\\n\\nIn this reproduction test case, an incorrect \u0027last_prim\u0027 is found in\\n__inet_del_ifa(), as a result, the secondary address(0.0.0.4/0 scope 0x40)\\nis lost. The memory of the secondary address is leaked and the reference of\\nin_device and net_device is leaked.\\n\\nFix this problem:\\nLook for \u0027last_prim\u0027 starting at location of the deleted IP and inserting\\nthe promoted IP into the location of \u0027last_prim\u0027.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2f1e86014d0cc084886c36a2d77bc620e2d42618\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/42652af5360d30b43b06057c193739e7dfb18f42\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5624f26a3574500ce23929cb2c9976a0dec9920a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7c8ddcdab1b900bed69cad6beef477fff116289e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/980f8445479814509a3cd55a8eabaae1c9030a4c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac28b1ec6135649b5d78b028e47264cb3ebca5ea\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

