CVE-2023-53477

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: Add lwtunnel encap size of all siblings in nexthop calculation In function rt6_nlmsg_size(), the length of nexthop is calculated by multipling the nexthop length of fib6_info and the number of siblings. However if the fib6_info has no lwtunnel but the siblings have lwtunnels, the nexthop length is less than it should be, and it will trigger a warning in inet6_rt_notify() as follows: WARNING: CPU: 0 PID: 6082 at net/ipv6/route.c:6180 inet6_rt_notify+0x120/0x130 …… Call Trace: fib6_add_rt2node+0x685/0xa30 fib6_add+0x96/0x1b0 ip6_route_add+0x50/0xd0 inet6_rtm_newroute+0x97/0xa0 rtnetlink_rcv_msg+0x156/0x3d0 netlink_rcv_skb+0x5a/0x110 netlink_unicast+0x246/0x350 netlink_sendmsg+0x250/0x4c0 sock_sendmsg+0x66/0x70 ___sys_sendmsg+0x7c/0xd0 __sys_sendmsg+0x5d/0xb0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_afterhwframe+0x72/0xdc This bug can be reproduced by script: ip -6 addr add 2002::²⁄₆₄ dev ens2 ip -6 route add 100::/64 via 2002::1 dev ens2 metric 100 for i in 10 20 30 40 50 60 70; do ip link add link ens2 name ipv$i type ipvlan ip -6 addr add 2002::$i/64 dev ipv$i ifconfig ipv$i up done for i in 10 20 30 40 50 60; do ip -6 route append 100::/64 encap ip6 dst 2002::$i via 2002::1 dev ipv_$i metric 100 done ip -6 route append 100::/64 via 2002::1 dev ipv_70 metric 100 This patch fixes it by adding nexthop_len of every siblings using rt6_nh_nlmsg_size().

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

debianubuntu

Reference Links

https://www.cve.org/CVERecord?id=CVE-2023-53477

https://git.kernel.org/linus/4cc59f386991ec9374cb4bc83dbe1c0b5a95033f (6.3-rc1)

https://git.kernel.org/stable/c/4cc59f386991ec9374cb4bc83dbe1c0b5a95033f

https://git.kernel.org/stable/c/aa75d826c221e8d48607aef33836cf872a159cf1

https://git.kernel.org/stable/c/aba298b35619213ca787d08d472049627d8cd012

https://git.kernel.org/stable/c/da26369377f0b671c14692e2d65ceb38131053e1

https://git.kernel.org/stable/c/dcdddb5f490890d058ea1f194d661219e92fe88d

https://git.kernel.org/stable/c/e11e4d524eba2d3c8fdf897d7ce3853f7573bae9

Vulnerable Software (162)

Type: Configuration

Product: linux

Operating System: ubuntu bionic 18.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu focal 20.04

Trait:

{  "fixed": "5.4.0-152.169"}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu jammy 22.04

Trait:

{  "fixed": "5.15.0-79.86"}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu trusty 14.04

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: ubuntu xenial 16.04

Trait:

{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: linux

Operating System: debian

Trait:

{  "fixed": "6.1.20-1"}

Source: debian

Type: Configuration

Product: linux

Operating System: debian bullseye 11

Trait:

{  "fixed": "5.10.178-1"}

Source: debian

Type: Configuration

Product: linux-allwinner-5.19

Operating System: ubuntu jammy 22.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: linux-aws

Operating System: ubuntu bionic 18.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: linux-aws

Operating System: ubuntu focal 20.04

Trait:

{  "fixed": "5.4.0-1104.112"}

Source: ubuntu