CVE-2023-53426
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/09/2025
Last modified:
19/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

xsk: Fix xsk_diag use-after-free error during socket cleanup

Fix a use-after-free error that is possible if the xsk_diag interface
is used after the socket has been unbound from the device. This can
happen either due to the socket being closed or the device
disappearing. In the early days of AF_XDP, the way we tested that a
socket was not bound to a device was to simply check if the netdevice
pointer in the xsk socket structure was NULL. Later, a better system
was introduced by having an explicit state variable in the xsk socket
struct. For example, the state of a socket that is on the way to being
closed and has been unbound from the device is XSK_UNBOUND.

The commit in the Fixes tag below deleted the old way of signalling
that a socket is unbound, setting dev to NULL. This in the belief that
all code using the old way had been exterminated. That was
unfortunately not true as the xsk diagnostics code was still using the
old way and thus does not work as intended when a socket is going
down. Fix this by introducing a test against the state variable. If
the socket is in the state XSK_UNBOUND, simply abort the diagnostic's
netlink operation.
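
The difference between the two checks described above, as an added example that is not part of the advisory or the kernel source: a simplified user-space C model in which a `released` flag stands in for freed device memory. Only `XSK_UNBOUND` and `dev` come from the description; all other names are assumptions made for illustration.

```c
/* User-space model only. XSK_UNBOUND and "dev" come from the advisory;
 * every other name here is a hypothetical stand-in. */
enum xsk_state { XSK_BOUND, XSK_UNBOUND };
enum diag_result { DIAG_OK, DIAG_ABORTED, DIAG_STALE_ACCESS };
struct model_dev { int ifindex; int released; }; /* released=1 models freed memory */
struct model_xsk { struct model_dev *dev; enum xsk_state state; };

/* Unbind after the old signalling was deleted: state changes, dev is not set to NULL. */
void model_unbind(struct model_xsk *xs)
{
    xs->state = XSK_UNBOUND;
    xs->dev->released = 1;
}

/* Old diagnostic path: treats dev == NULL as the only sign of "unbound". */
enum diag_result diag_fill_old(const struct model_xsk *xs, int *ifindex)
{
    if (!xs->dev)
        return DIAG_ABORTED;
    if (xs->dev->released)
        return DIAG_STALE_ACCESS; /* a real kernel would read freed memory here */
    *ifindex = xs->dev->ifindex;
    return DIAG_OK;
}

/* Fixed diagnostic path: test the state variable before touching dev. */
enum diag_result diag_fill_fixed(const struct model_xsk *xs, int *ifindex)
{
    if (xs->state == XSK_UNBOUND)
        return DIAG_ABORTED;
    *ifindex = xs->dev->ifindex;
    return DIAG_OK;
}

/* Bind a socket, optionally unbind it, then run one of the two diag paths. */
enum diag_result diag_scenario(int unbind_first, int use_fixed)
{
    struct model_dev dev = { 3, 0 }; /* constructed sample device */
    struct model_xsk xs = { &dev, XSK_BOUND };
    int ifindex = 0;
    if (unbind_first)
        model_unbind(&xs);
    return use_fixed ? diag_fill_fixed(&xs, &ifindex) : diag_fill_old(&xs, &ifindex);
}

int main(void)
{
    return diag_scenario(1, 1) == DIAG_ABORTED ? 0 : 1; /* 0 = fixed path aborted */
}
```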