CVE-2023-53698

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xsk: fix refcount underflow in error path<br /> <br /> Fix a refcount underflow problem reported by syzbot that can happen<br /> when a system is running out of memory. If xp_alloc_tx_descs() fails,<br /> and it can only fail due to not having enough memory, then the error<br /> path is triggered. In this error path, the refcount of the pool is<br /> decremented as it has incremented before. However, the reference to<br /> the pool in the socket was not nulled. This means that when the socket<br /> is closed later, the socket teardown logic will think that there is a<br /> pool attached to the socket and try to decrease the refcount again,<br /> leading to a refcount underflow.<br /> <br /> I chose this fix as it involved adding just a single line. Another<br /> option would have been to move xp_get_pool() and the assignment of<br /> xs-&gt;pool to after the if-statement and using xs_umem-&gt;pool instead of<br /> xs-&gt;pool in the whole if-statement resulting in somewhat simpler code,<br /> but this would have led to much more churn in the code base perhaps<br /> making it harder to backport.