CVE-2023-53698— xsk: fix refcount underflow in error path
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-53698
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
xsk: fix refcount underflow in error path
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xp_alloc_tx_descs() fails, and it can only fail due to not having enough memory, then the error path is triggered. In this error path, the refcount of the pool is decremented as it has incremented before. However, the reference to the pool in the socket was not nulled. This means that when the socket is closed later, the socket teardown logic will think that there is a pool attached to the socket and try to decrease the refcount again, leading to a refcount underflow. I chose this fix as it involved adding just a single line. Another option would have been to move xp_get_pool() and the assignment of xs->pool to after the if-statement and using xs_umem->pool instead of xs->pool in the whole if-statement resulting in somewhat simpler code, but this would have led to much more churn in the code base perhaps making it harder to backport.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于错误路径中未清空池引用,可能导致引用计数下溢。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-53698
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-53698
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-10-22 · 67 CVEs total
| CVE-2023-53710 | wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read | |
| CVE-2023-53729 | soc: qcom: qmi_encdec: Restrict string length in decode | |
| CVE-2023-53727 | net/sched: fq_pie: avoid stalls in fq_pie_timer() | |
| CVE-2023-53728 | posix-timers: Ensure timer ID search-loop limit is valid | |
| CVE-2023-53717 | wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() | |
| CVE-2023-53715 | wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex | |
| CVE-2023-53714 | drm/stm: ltdc: fix late dereference check | |
| CVE-2023-53713 | arm64: sme: Use STR P to clear FFR context field in streaming SVE mode | |
| CVE-2023-53712 | ARM: 9317/1: kexec: Make smp stop calls asynchronous | |
| CVE-2023-53711 | NFS: Fix a potential data corruption | |
| CVE-2023-53716 | net: fix skb leak in __skb_tstamp_tx() | |
| CVE-2023-53709 | ring-buffer: Handle race between rb_move_tail and rb_check_pages | |
| CVE-2023-53707 | drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 | |
| CVE-2023-53708 | ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects | |
| CVE-2023-53705 | ipv6: Fix out-of-bounds access in ipv6_find_tlv() | |
| CVE-2023-53706 | mm/vmemmap/devdax: fix kernel crash when probing devdax devices | |
| CVE-2023-53704 | clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() | |
| CVE-2023-53702 | s390/crypto: use vector instructions only if available for ChaCha20 | |
| CVE-2023-53703 | HID: amd_sfh: Fix for shift-out-of-bounds | |
| CVE-2023-53700 | media: max9286: Fix memleak in max9286_v4l2_register() |
Showing top 20 of 67 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2023-53698
No comments yet