CVE-2023-53141
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/05/2025
Last modified:
10/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()<br />
<br />
ila_xlat_nl_cmd_get_mapping() generates an empty skb,<br />
triggerring a recent sanity check [1].<br />
<br />
Instead, return an error code, so that user space<br />
can get it.<br />
<br />
[1]<br />
skb_assert_len<br />
WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [inline]<br />
WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156<br />
Modules linked in:<br />
CPU: 0 PID: 5923 Comm: syz-executor269 Not tainted 6.2.0-syzkaller-18300-g2ebd1fbb946d #0<br />
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023<br />
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br />
pc : skb_assert_len include/linux/skbuff.h:2527 [inline]<br />
pc : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156<br />
lr : skb_assert_len include/linux/skbuff.h:2527 [inline]<br />
lr : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156<br />
sp : ffff80001e0d6c40<br />
x29: ffff80001e0d6e60 x28: dfff800000000000 x27: ffff0000c86328c0<br />
x26: dfff800000000000 x25: ffff0000c8632990 x24: ffff0000c8632a00<br />
x23: 0000000000000000 x22: 1fffe000190c6542 x21: ffff0000c8632a10<br />
x20: ffff0000c8632a00 x19: ffff80001856e000 x18: ffff80001e0d5fc0<br />
x17: 0000000000000000 x16: ffff80001235d16c x15: 0000000000000000<br />
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001<br />
x11: ff80800008353a30 x10: 0000000000000000 x9 : 21567eaf25bfb600<br />
x8 : 21567eaf25bfb600 x7 : 0000000000000001 x6 : 0000000000000001<br />
x5 : ffff80001e0d6558 x4 : ffff800015c74760 x3 : ffff800008596744<br />
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000000e<br />
Call trace:<br />
skb_assert_len include/linux/skbuff.h:2527 [inline]<br />
__dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156<br />
dev_queue_xmit include/linux/netdevice.h:3033 [inline]<br />
__netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline]<br />
__netlink_deliver_tap+0x45c/0x6f8 net/netlink/af_netlink.c:325<br />
netlink_deliver_tap+0xf4/0x174 net/netlink/af_netlink.c:338<br />
__netlink_sendskb net/netlink/af_netlink.c:1283 [inline]<br />
netlink_sendskb+0x6c/0x154 net/netlink/af_netlink.c:1292<br />
netlink_unicast+0x334/0x8d4 net/netlink/af_netlink.c:1380<br />
nlmsg_unicast include/net/netlink.h:1099 [inline]<br />
genlmsg_unicast include/net/genetlink.h:433 [inline]<br />
genlmsg_reply include/net/genetlink.h:443 [inline]<br />
ila_xlat_nl_cmd_get_mapping+0x620/0x7d0 net/ipv6/ila/ila_xlat.c:493<br />
genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline]<br />
genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]<br />
genl_rcv_msg+0x938/0xc1c net/netlink/genetlink.c:1065<br />
netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2574<br />
genl_rcv+0x38/0x50 net/netlink/genetlink.c:1076<br />
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]<br />
netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365<br />
netlink_sendmsg+0x800/0xae0 net/netlink/af_netlink.c:1942<br />
sock_sendmsg_nosec net/socket.c:714 [inline]<br />
sock_sendmsg net/socket.c:734 [inline]<br />
____sys_sendmsg+0x558/0x844 net/socket.c:2479<br />
___sys_sendmsg net/socket.c:2533 [inline]<br />
__sys_sendmsg+0x26c/0x33c net/socket.c:2562<br />
__do_sys_sendmsg net/socket.c:2571 [inline]<br />
__se_sys_sendmsg net/socket.c:2569 [inline]<br />
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2569<br />
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]<br />
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52<br />
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142<br />
do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193<br />
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637<br />
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655<br />
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591<br />
irq event stamp: 136484<br />
hardirqs last enabled at (136483): [] __up_console_sem+0x60/0xb4 kernel/printk/printk.c:345<br />
hardirqs last disabled at (136484): [] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405<br />
softirqs last enabled at (136418): [] softirq_ha<br />
---truncated---
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.5 (including) | 4.14.310 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.278 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.237 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.175 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.103 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.20 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.2.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/25b54f247ea060aeb85ec88a82c75060fca03521
- https://git.kernel.org/stable/c/42d9ed4e5dc5f87fbd67c232e2e4a9b88ceeb47f
- https://git.kernel.org/stable/c/60fe7cb483c8c5dcadaeeac867251d6e59c7badc
- https://git.kernel.org/stable/c/693aa2c0d9b6d5b1f2745d31b6e70d09dbbaf06e
- https://git.kernel.org/stable/c/783f218940b3c7b872e4111d0145000f26ecbdf6
- https://git.kernel.org/stable/c/91aceb3844d4aec555c7f423f9fd843eff5835e9
- https://git.kernel.org/stable/c/b26bc5861505f04dea933ca3e522772b20fa086f
- https://git.kernel.org/stable/c/c631e52aea0fc8d4deea06e439f5810a8b40ad0f