{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53601","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-04T15:40:38.479Z","datePublished":"2025-10-04T15:44:12.477Z","dateUpdated":"2026-05-11T19:48:18.942Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:48:18.942Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb->data is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe <0f> 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\n[<ffffffff8471a49f>] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[<ffffffff8471a49f>] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[<ffffffff851d845b>] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[<ffffffff851d845b>] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[<ffffffff851c7472>] packet_snd net/packet/af_packet.c:3112 [inline]\n[<ffffffff851c7472>] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[<ffffffff8467a4b2>] sock_sendmsg_nosec net/socket.c:716 [inline]\n[<ffffffff8467a4b2>] sock_sendmsg net/socket.c:736 [inline]\n[<ffffffff8467a4b2>] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[<ffffffff8467a715>] __do_sys_sendto net/socket.c:2151 [inline]\n[<ffffffff8467a715>] __se_sys_sendto net/socket.c:2147 [inline]\n[<ffffffff8467a715>] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[<ffffffff8553071f>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[<ffffffff8553071f>] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[<ffffffff85600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/bonding/bond_main.c"],"versions":[{"version":"7b8fc0103bb51d1d3e1fb5fd67958612e709f883","lessThan":"029d892b05fc5e42a1b1c0665f62cb3e4b23e6dc","status":"affected","versionType":"git"},{"version":"7b8fc0103bb51d1d3e1fb5fd67958612e709f883","lessThan":"37b6143376a578265add04f35161b257eeb84a5e","status":"affected","versionType":"git"},{"version":"7b8fc0103bb51d1d3e1fb5fd67958612e709f883","lessThan":"c96cc3d9acaca53d9a81c884c23f1224b61c829b","status":"affected","versionType":"git"},{"version":"7b8fc0103bb51d1d3e1fb5fd67958612e709f883","lessThan":"bc16fc63592c419357dd4c4d82d50762102a60ef","status":"affected","versionType":"git"},{"version":"7b8fc0103bb51d1d3e1fb5fd67958612e709f883","lessThan":"6a940abdef3162e5723f1495b8a49859d1708f79","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/bonding/bond_main.c"],"versions":[{"version":"5.12","status":"affected"},{"version":"0","lessThan":"5.12","status":"unaffected","versionType":"semver"},{"version":"5.15.121","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.39","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.3.13","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4.4","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"5.15.121"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"6.1.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"6.3.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"6.4.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/029d892b05fc5e42a1b1c0665f62cb3e4b23e6dc"},{"url":"https://git.kernel.org/stable/c/37b6143376a578265add04f35161b257eeb84a5e"},{"url":"https://git.kernel.org/stable/c/c96cc3d9acaca53d9a81c884c23f1224b61c829b"},{"url":"https://git.kernel.org/stable/c/bc16fc63592c419357dd4c4d82d50762102a60ef"},{"url":"https://git.kernel.org/stable/c/6a940abdef3162e5723f1495b8a49859d1708f79"}],"title":"bonding: do not assume skb mac_header is set","x_generator":{"engine":"bippy-1.2.0"}}}}