CVE-2023-53863
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 09/12/2025
Last modified: 09/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

netlink: do not hard code device address length in fdb dumps

syzbot reports that some netdev devices do not have a six-byte
address [1]

Replace ETH_ALEN by dev->addr_len.

[1] (Case of a device where dev->addr_len = 4)

BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copyout+0xb8/0x100 lib/iov_iter.c:169
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
copyout+0xb8/0x100 lib/iov_iter.c:169
_copy_to_iter+0x6d8/0x1d00 lib/iov_iter.c:536
copy_to_iter include/linux/uio.h:206 [inline]
simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:513
__skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419
skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:527
skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]
netlink_recvmsg+0x4ae/0x15a0 net/netlink/af_netlink.c:1970
sock_recvmsg_nosec net/socket.c:1019 [inline]
sock_recvmsg net/socket.c:1040 [inline]
____sys_recvmsg+0x283/0x7f0 net/socket.c:2722
___sys_recvmsg+0x223/0x840 net/socket.c:2764
do_recvmmsg+0x4f9/0xfd0 net/socket.c:2858
__sys_recvmmsg net/socket.c:2937 [inline]
__do_sys_recvmmsg net/socket.c:2960 [inline]
__se_sys_recvmmsg net/socket.c:2953 [inline]
__x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was stored to memory at:
__nla_put lib/nlattr.c:1009 [inline]
nla_put+0x1c6/0x230 lib/nlattr.c:1067
nlmsg_populate_fdb_fill+0x2b8/0x600 net/core/rtnetlink.c:4071
nlmsg_populate_fdb net/core/rtnetlink.c:4418 [inline]
ndo_dflt_fdb_dump+0x616/0x840 net/core/rtnetlink.c:4456
rtnl_fdb_dump+0x14ff/0x1fc0 net/core/rtnetlink.c:4629
netlink_dump+0x9d1/0x1310 net/netlink/af_netlink.c:2268
netlink_recvmsg+0xc5c/0x15a0 net/netlink/af_netlink.c:1995
sock_recvmsg_nosec+0x7a/0x120 net/socket.c:1019
____sys_recvmsg+0x664/0x7f0 net/socket.c:2720
___sys_recvmsg+0x223/0x840 net/socket.c:2764
do_recvmmsg+0x4f9/0xfd0 net/socket.c:2858
__sys_recvmmsg net/socket.c:2937 [inline]
__do_sys_recvmmsg net/socket.c:2960 [inline]
__se_sys_recvmmsg net/socket.c:2953 [inline]
__x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
slab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716
slab_alloc_node mm/slub.c:3451 [inline]
__kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490
kmalloc_trace+0x51/0x200 mm/slab_common.c:1057
kmalloc include/linux/slab.h:559 [inline]
__hw_addr_create net/core/dev_addr_lists.c:60 [inline]
__hw_addr_add_ex+0x2e5/0x9e0 net/core/dev_addr_lists.c:118
__dev_mc_add net/core/dev_addr_lists.c:867 [inline]
dev_mc_add+0x9a/0x130 net/core/dev_addr_lists.c:885
igmp6_group_added+0x267/0xbc0 net/ipv6/mcast.c:680
ipv6_mc_up+0x296/0x3b0 net/ipv6/mcast.c:2754
ipv6_mc_remap+0x1e/0x30 net/ipv6/mcast.c:2708
addrconf_type_change net/ipv6/addrconf.c:3731 [inline]
addrconf_notify+0x4d3/0x1d90 net/ipv6/addrconf.c:3699
notifier_call_chain kernel/notifier.c:93 [inline]
raw_notifier_call_chain+0xe4/0x430 kernel/notifier.c:461
call_netdevice_notifiers_info net/core/dev.c:1935 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1973 [inline]
call_netdevice_notifiers+0x1ee/0x2d0 net/core/dev.c:1987
bond_enslave+0xccd/0x53f0 drivers/net/bonding/bond_main.c:1906
do_set_master net/core/rtnetlink.c:2626 [inline]
rtnl_newlink_create net/core/rtnetlink.c:3460 [inline]
__rtnl_newlink net/core/rtnetlink.c:3660 [inline]
rtnl_newlink+0x378c/0x40e0 net/core/rtnetlink.c:3673
rtnetlink_rcv_msg+0x16a6/0x1840 net/core/rtnetlink.c:6395
netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2546
rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6413
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0xf28/0x1230 net/netlink/af_
---truncated---
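The bug class described above, as an added userspace model that is not kernel code and not taken from the referenced commits: an address entry is allocated without zeroing and only `addr_len` bytes are written, so a dump that copies a fixed `ETH_ALEN` bytes carries stale heap bytes to the reader whenever `addr_len` is smaller. The struct, the helper names, the `POISON` marker and the sample address are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ETH_ALEN     6     /* Ethernet address length */
#define MAX_ADDR_LEN 32    /* assumed size of the per-entry address buffer */
#define POISON       0xAA  /* constructed stand-in for stale heap contents */
struct hw_addr { uint8_t addr[MAX_ADDR_LEN]; };  /* toy address-list entry */

/* Only addr_len bytes are written; the tail keeps the allocator's old data. */
static struct hw_addr *hw_addr_create(const uint8_t *addr, uint8_t addr_len) {
    struct hw_addr *ha = malloc(sizeof(*ha));
    if (!ha) return NULL;
    memset(ha, POISON, sizeof(*ha));  /* deterministic "uninitialised" bytes */
    memcpy(ha->addr, addr, addr_len);
    return ha;
}

/* Toy attribute writer: 2-byte length, then payload. Returns bytes written. */
static size_t attr_put(uint8_t *out, const void *data, uint16_t len) {
    memcpy(out, &len, sizeof(len));
    memcpy(out + sizeof(len), data, len);
    return sizeof(len) + len;
}

static size_t fill_hardcoded(uint8_t *out, const struct hw_addr *ha) {
    return attr_put(out, ha->addr, ETH_ALEN);   /* before: fixed six bytes */
}
static size_t fill_fixed(uint8_t *out, const struct hw_addr *ha, uint8_t addr_len) {
    return attr_put(out, ha->addr, addr_len);   /* after: the device's own length */
}

/* Number of never-initialised payload bytes that reach the reader. */
static size_t leaked_for(uint8_t addr_len, int fixed) {
    const uint8_t real[MAX_ADDR_LEN] = {10, 0, 0, 1, 2, 3};  /* constructed address */
    struct hw_addr *ha = hw_addr_create(real, addr_len);
    uint8_t msg[2 + MAX_ADDR_LEN];
    size_t stale = 0, n, i;
    if (!ha) return (size_t)-1;
    n = fixed ? fill_fixed(msg, ha, addr_len) : fill_hardcoded(msg, ha);
    for (i = 2; i < n; i++) stale += (msg[i] == POISON);
    free(ha);
    return stale;
}

int main(void) {
    printf("addr_len=4: hard-coded leaks %zu, fixed leaks %zu\n", leaked_for(4, 0), leaked_for(4, 1));
    return 0;
}
```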
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/44db85c6e1a184b99a2cdf56b525ac63c4962c22
- https://git.kernel.org/stable/c/619384319b137908d1008c92426c9daa95c06b90
- https://git.kernel.org/stable/c/61d1bf3c34bf5fe936c50d1a4bc460babcc85e88
- https://git.kernel.org/stable/c/73862118bd9dec850aa8e775145647ddd23aedf8
- https://git.kernel.org/stable/c/aa5406950726e336c5c9585b09799a734b6e77bf
- https://git.kernel.org/stable/c/b6f2d4618fc697886ad41e215ae20638153e42d0
- https://git.kernel.org/stable/c/bd1de6107f10e7d4c2aabe3397b58d63672fc511
- https://git.kernel.org/stable/c/c3ad49ff5c030cbe719fc4cb0ae081b8255ef4b3
- https://git.kernel.org/stable/c/e9331c8fa4c69f09d2c71682af75586f77266e81



