{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53477","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-01T11:39:39.401Z","datePublished":"2025-10-01T11:42:46.279Z","dateUpdated":"2026-05-11T19:45:44.688Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:45:44.688Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Add lwtunnel encap size of all siblings in nexthop calculation\n\nIn function rt6_nlmsg_size(), the length of nexthop is calculated\nby multipling the nexthop length of fib6_info and the number of\nsiblings. However if the fib6_info has no lwtunnel but the siblings\nhave lwtunnels, the nexthop length is less than it should be, and\nit will trigger a warning in inet6_rt_notify() as follows:\n\nWARNING: CPU: 0 PID: 6082 at net/ipv6/route.c:6180 inet6_rt_notify+0x120/0x130\n......\nCall Trace:\n <TASK>\n fib6_add_rt2node+0x685/0xa30\n fib6_add+0x96/0x1b0\n ip6_route_add+0x50/0xd0\n inet6_rtm_newroute+0x97/0xa0\n rtnetlink_rcv_msg+0x156/0x3d0\n netlink_rcv_skb+0x5a/0x110\n netlink_unicast+0x246/0x350\n netlink_sendmsg+0x250/0x4c0\n sock_sendmsg+0x66/0x70\n ___sys_sendmsg+0x7c/0xd0\n __sys_sendmsg+0x5d/0xb0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThis bug can be reproduced by script:\n\nip -6 addr add 2002::2/64 dev ens2\nip -6 route add 100::/64 via 2002::1 dev ens2 metric 100\n\nfor i in 10 20 30 40 50 60 70;\ndo\n\tip link add link ens2 name ipv_$i type ipvlan\n\tip -6 addr add 2002::$i/64 dev ipv_$i\n\tifconfig ipv_$i up\ndone\n\nfor i in 10 20 30 40 50 60;\ndo\n\tip -6 route append 100::/64 encap ip6 dst 2002::$i via 2002::1\ndev ipv_$i metric 100\ndone\n\nip -6 route append 100::/64 via 2002::1 dev ipv_70 metric 100\n\nThis patch fixes it by adding nexthop_len of every siblings using\nrt6_nh_nlmsg_size()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/route.c"],"versions":[{"version":"beb1afac518dec5a15dc92ba8f0ca016dcf457b4","lessThan":"aba298b35619213ca787d08d472049627d8cd012","status":"affected","versionType":"git"},{"version":"beb1afac518dec5a15dc92ba8f0ca016dcf457b4","lessThan":"da26369377f0b671c14692e2d65ceb38131053e1","status":"affected","versionType":"git"},{"version":"beb1afac518dec5a15dc92ba8f0ca016dcf457b4","lessThan":"dcdddb5f490890d058ea1f194d661219e92fe88d","status":"affected","versionType":"git"},{"version":"beb1afac518dec5a15dc92ba8f0ca016dcf457b4","lessThan":"e11e4d524eba2d3c8fdf897d7ce3853f7573bae9","status":"affected","versionType":"git"},{"version":"beb1afac518dec5a15dc92ba8f0ca016dcf457b4","lessThan":"aa75d826c221e8d48607aef33836cf872a159cf1","status":"affected","versionType":"git"},{"version":"beb1afac518dec5a15dc92ba8f0ca016dcf457b4","lessThan":"4cc59f386991ec9374cb4bc83dbe1c0b5a95033f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/route.c"],"versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","status":"unaffected","versionType":"semver"},{"version":"5.4.235","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.173","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.100","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.18","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.5","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.4.235"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.173"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.15.100"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.1.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.2.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/aba298b35619213ca787d08d472049627d8cd012"},{"url":"https://git.kernel.org/stable/c/da26369377f0b671c14692e2d65ceb38131053e1"},{"url":"https://git.kernel.org/stable/c/dcdddb5f490890d058ea1f194d661219e92fe88d"},{"url":"https://git.kernel.org/stable/c/e11e4d524eba2d3c8fdf897d7ce3853f7573bae9"},{"url":"https://git.kernel.org/stable/c/aa75d826c221e8d48607aef33836cf872a159cf1"},{"url":"https://git.kernel.org/stable/c/4cc59f386991ec9374cb4bc83dbe1c0b5a95033f"}],"title":"ipv6: Add lwtunnel encap size of all siblings in nexthop calculation","x_generator":{"engine":"bippy-1.2.0"}}}}