Slab-Use-After-Free Vulnerability in Linux Kernel's xfrm Device
CVE-2023-53500
Currently unrated
What is CVE-2023-53500?
A slab-use-after-free condition exists in the Linux kernel's xfrm device and can occur when it processes IPv6 packets. When the xfrm device is configured with a queueing discipline (qdisc) of type 'sfb', the 'cb' field of the transmitted socket buffer (skb) may be altered during enqueuing. The vulnerability arises from improper handling of address offsets, which can lead to memory corruption. Users should update their kernel versions to mitigate this risk.
Affected Version(s)
Linux f855691975bb06373a98711e4cfe2c224244b536