{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53365","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:54:09.733Z","datePublished":"2025-09-17T14:56:53.781Z","dateUpdated":"2026-05-11T19:43:32.333Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:43:32.333Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nip6mr: Fix skb_under_panic in ip6mr_cache_report()\n\nskbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4\n head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg\n ------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:192!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Workqueue: ipv6_addrconf addrconf_dad_work\n RIP: 0010:skb_panic+0x152/0x1d0\n Call Trace:\n  <TASK>\n  skb_push+0xc4/0xe0\n  ip6mr_cache_report+0xd69/0x19b0\n  reg_vif_xmit+0x406/0x690\n  dev_hard_start_xmit+0x17e/0x6e0\n  __dev_queue_xmit+0x2d6a/0x3d20\n  vlan_dev_hard_start_xmit+0x3ab/0x5c0\n  dev_hard_start_xmit+0x17e/0x6e0\n  __dev_queue_xmit+0x2d6a/0x3d20\n  neigh_connected_output+0x3ed/0x570\n  ip6_finish_output2+0x5b5/0x1950\n  ip6_finish_output+0x693/0x11c0\n  ip6_output+0x24b/0x880\n  NF_HOOK.constprop.0+0xfd/0x530\n  ndisc_send_skb+0x9db/0x1400\n  ndisc_send_rs+0x12a/0x6c0\n  addrconf_dad_completed+0x3c9/0xea0\n  addrconf_dad_work+0x849/0x1420\n  process_one_work+0xa22/0x16e0\n  worker_thread+0x679/0x10c0\n  ret_from_fork+0x28/0x60\n  ret_from_fork_asm+0x11/0x20\n\nWhen setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().\nreg_vif_xmit()\n    ip6mr_cache_report()\n        skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4\nAnd skb_push declared as:\n\tvoid *skb_push(struct sk_buff *skb, unsigned int len);\n\t\tskb->data -= len;\n\t\t//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850\nskb->data is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/ip6mr.c"],"versions":[{"version":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d","lessThan":"a96d74d1076c82a4cef02c150d9996b21354c78d","status":"affected","versionType":"git"},{"version":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d","lessThan":"8382e7ed2d63e6c2daf6881fa091526dc6c879cd","status":"affected","versionType":"git"},{"version":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d","lessThan":"0438e60a00d4e335b3c36397dbf26c74b5d13ef0","status":"affected","versionType":"git"},{"version":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d","lessThan":"1683124129a4263dd5bce2475bab110e95fa0346","status":"affected","versionType":"git"},{"version":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d","lessThan":"1bb54a21f4d9b88442f8c3307c780e2db64417e4","status":"affected","versionType":"git"},{"version":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d","lessThan":"691a09eecad97e745b9aa0e3918db46d020bdacb","status":"affected","versionType":"git"},{"version":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d","lessThan":"3326c711f18d18fe6e1f5d83d3a7eab07e5a1560","status":"affected","versionType":"git"},{"version":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d","lessThan":"30e0191b16e8a58e4620fa3e2839ddc7b9d4281c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/ip6mr.c"],"versions":[{"version":"2.6.26","status":"affected"},{"version":"0","lessThan":"2.6.26","status":"unaffected","versionType":"semver"},{"version":"4.14.322","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.291","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.253","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.190","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.126","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.45","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.10","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"4.14.322"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"4.19.291"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.4.253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.10.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.15.126"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.1.45"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.4.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a96d74d1076c82a4cef02c150d9996b21354c78d"},{"url":"https://git.kernel.org/stable/c/8382e7ed2d63e6c2daf6881fa091526dc6c879cd"},{"url":"https://git.kernel.org/stable/c/0438e60a00d4e335b3c36397dbf26c74b5d13ef0"},{"url":"https://git.kernel.org/stable/c/1683124129a4263dd5bce2475bab110e95fa0346"},{"url":"https://git.kernel.org/stable/c/1bb54a21f4d9b88442f8c3307c780e2db64417e4"},{"url":"https://git.kernel.org/stable/c/691a09eecad97e745b9aa0e3918db46d020bdacb"},{"url":"https://git.kernel.org/stable/c/3326c711f18d18fe6e1f5d83d3a7eab07e5a1560"},{"url":"https://git.kernel.org/stable/c/30e0191b16e8a58e4620fa3e2839ddc7b9d4281c"}],"title":"ip6mr: Fix skb_under_panic in ip6mr_cache_report()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53365","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:45:20.470480Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-noinfo Not enough information"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:53:01.715Z"}}]}}