{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53843","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-09T01:27:17.826Z","datePublished":"2025-12-09T01:30:05.698Z","dateUpdated":"2026-05-11T19:52:35.532Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:52:35.532Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: reject negative ifindex\n\nRecent changes in net-next (commit 759ab1edb56c (\"net: store netdevs\nin an xarray\")) refactored the handling of pre-assigned ifindexes\nand let syzbot surface a latent problem in ovs. ovs does not validate\nifindex, making it possible to create netdev ports with negative\nifindex values. It's easy to repro with YNL:\n\n$ ./cli.py --spec netlink/specs/ovs_datapath.yaml \\\n         --do new \\\n\t --json '{\"upcall-pid\": 1, \"name\":\"my-dp\"}'\n$ ./cli.py --spec netlink/specs/ovs_vport.yaml \\\n\t --do new \\\n\t --json '{\"upcall-pid\": \"00000001\", \"name\": \"some-port0\", \"dp-ifindex\":3,\"ifindex\":4294901760,\"type\":2}'\n\n$ ip link show\n-65536: some-port0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\n    link/ether 7a:48:21:ad:0b:fb brd ff:ff:ff:ff:ff:ff\n...\n\nValidate the inputs. Now the second command correctly returns:\n\n$ ./cli.py --spec netlink/specs/ovs_vport.yaml \\\n\t --do new \\\n\t --json '{\"upcall-pid\": \"00000001\", \"name\": \"some-port0\", \"dp-ifindex\":3,\"ifindex\":4294901760,\"type\":2}'\n\nlib.ynl.NlError: Netlink error: Numerical result out of range\nnl_len = 108 (92) nl_flags = 0x300 nl_type = 2\n\terror: -34\textack: {'msg': 'integer out of range', 'unknown': [[type:4 len:36] b'\\x0c\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x03\\x00\\xff\\xff\\xff\\x7f\\x00\\x00\\x00\\x00\\x08\\x00\\x01\\x00\\x08\\x00\\x00\\x00'], 'bad-attr': '.ifindex'}\n\nAccept 0 since it used to be silently ignored."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/openvswitch/datapath.c"],"versions":[{"version":"54c4ef34c4b6f9720fded620e2893894f9f2c554","lessThan":"c965a58376146dcfdda186819462e8eb3aadef3a","status":"affected","versionType":"git"},{"version":"54c4ef34c4b6f9720fded620e2893894f9f2c554","lessThan":"881faff9e548a7ddfb11595be7c1c649217d27db","status":"affected","versionType":"git"},{"version":"54c4ef34c4b6f9720fded620e2893894f9f2c554","lessThan":"a552bfa16bab4ce901ee721346a28c4e483f4066","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/openvswitch/datapath.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"6.1.47","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.4.12","lessThanOrEqual":"6.4.*","status":"unaffected","versionType":"semver"},{"version":"6.5","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.47"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.4.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.5"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c965a58376146dcfdda186819462e8eb3aadef3a"},{"url":"https://git.kernel.org/stable/c/881faff9e548a7ddfb11595be7c1c649217d27db"},{"url":"https://git.kernel.org/stable/c/a552bfa16bab4ce901ee721346a28c4e483f4066"}],"title":"net: openvswitch: reject negative ifindex","x_generator":{"engine":"bippy-1.2.0"}}}}