CVE-2023-53189

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipv6/addrconf: fix a potential refcount underflow for idev<br /> <br /> Now in addrconf_mod_rs_timer(), reference idev depends on whether<br /> rs_timer is not pending. Then modify rs_timer timeout.<br /> <br /> There is a time gap in [1], during which if the pending rs_timer<br /> becomes not pending. It will miss to hold idev, but the rs_timer<br /> is activated. Thus rs_timer callback function addrconf_rs_timer()<br /> will be executed and put idev later without holding idev. A refcount<br /> underflow issue for idev can be caused by this.<br /> <br /> if (!timer_pending(&amp;idev-&gt;rs_timer))<br /> in6_dev_hold(idev);<br /> rs_timer, jiffies + when);<br /> <br /> To fix the issue, hold idev if mod_timer() return 0.