CVE-2023-53843
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
09/12/2025
Last modified:
09/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: reject negative ifindex

Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs
in an xarray")) refactored the handling of pre-assigned ifindexes
and let syzbot surface a latent problem in ovs. ovs does not validate
ifindex, making it possible to create netdev ports with negative
ifindex values. It's easy to repro with YNL:

  $ ./cli.py --spec netlink/specs/ovs_datapath.yaml \
      --do new \
      --json '{"upcall-pid": 1, "name":"my-dp"}'
  $ ./cli.py --spec netlink/specs/ovs_vport.yaml \
      --do new \
      --json '{"upcall-pid": "00000001", "name": "some-port0", "dp-ifindex":3,"ifindex":4294901760,"type":2}'

  $ ip link show
  -65536: some-port0: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
      link/ether 7a:48:21:ad:0b:fb brd ff:ff:ff:ff:ff:ff
  ...

Validate the inputs. Now the second command correctly returns:

  $ ./cli.py --spec netlink/specs/ovs_vport.yaml \
      --do new \
      --json '{"upcall-pid": "00000001", "name": "some-port0", "dp-ifindex":3,"ifindex":4294901760,"type":2}'

  lib.ynl.NlError: Netlink error: Numerical result out of range
  nl_len = 108 (92) nl_flags = 0x300 nl_type = 2
  error: -34 extack: {'msg': 'integer out of range', 'unknown': [[type:4 len:36] b'\x0c\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x03\x00\xff\xff\xff\x7f\x00\x00\x00\x00\x08\x00\x01\x00\x08\x00\x00\x00'], 'bad-attr': '.ifindex'}

Accept 0 since it used to be silently ignored.
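An added example, not part of the original advisory or the kernel patch: it decodes the policy bytes carried in the extack above and applies that range to the reproducer's ifindex read as a signed 32-bit value, which is how 4294901760 became -65536. The attribute constants come from include/uapi/linux/netlink.h; little-endian byte order and the function names are assumptions of the example.

```python
import struct

# Values from include/uapi/linux/netlink.h
NL_POLICY_TYPE_ATTR_TYPE = 1
NL_POLICY_TYPE_ATTR_MIN_VALUE_S = 2
NL_POLICY_TYPE_ATTR_MAX_VALUE_S = 3
NL_ATTR_TYPE_S32 = 8
NLA_TYPE_MASK = 0x3FFF  # strips the NLA_F_NESTED / NLA_F_NET_BYTEORDER flag bits

# Policy payload copied from the extack in the error output above.
POLICY_BLOB = (
    b"\x0c\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    b"\x0c\x00\x03\x00\xff\xff\xff\x7f\x00\x00\x00\x00"
    b"\x08\x00\x01\x00\x08\x00\x00\x00"
)

# attribute type -> (key, struct format); assumes a little-endian host
FIELDS = {
    NL_POLICY_TYPE_ATTR_TYPE: ("type", "<I"),
    NL_POLICY_TYPE_ATTR_MIN_VALUE_S: ("min", "<q"),
    NL_POLICY_TYPE_ATTR_MAX_VALUE_S: ("max", "<q"),
}

def parse_policy(blob):
    """Walk netlink attributes: u16 length, u16 type, payload, 4-byte aligned."""
    policy, off = {}, 0
    while off < len(blob):
        if len(blob) - off < 4:
            raise ValueError("truncated attribute header at offset %d" % off)
        nla_len, nla_type = struct.unpack_from("<HH", blob, off)
        if nla_len < 4 or off + nla_len > len(blob):
            raise ValueError("malformed attribute at offset %d" % off)
        field = FIELDS.get(nla_type & NLA_TYPE_MASK)
        if field:
            key, fmt = field
            if nla_len - 4 != struct.calcsize(fmt):
                raise ValueError("unexpected payload size for %s" % key)
            policy[key] = struct.unpack_from(fmt, blob, off + 4)[0]
        off += (nla_len + 3) & ~3  # advance to the next aligned attribute
    return policy

def check_ifindex(raw_u32, policy):
    """Reinterpret the 32-bit attribute as s32 and test it against the policy."""
    if policy.get("type") != NL_ATTR_TYPE_S32:
        raise ValueError("policy does not describe an s32 attribute")
    value = struct.unpack("<i", struct.pack("<I", raw_u32))[0]
    return value, policy["min"] <= value <= policy["max"]
```
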



