Linux Kernel Vulnerability in IPv4 PMTU Optimization
CVE-2023-53600

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
4 October 2025

What is CVE-2023-53600?

A vulnerability exists in the Linux kernel's handling of IPv4 Path Maximum Transmission Unit (PMTU) errors, specifically when ICMP error messages are generated in response to nonlinear socket buffers (skbs). The issue can produce a KASAN (Kernel Address Sanitizer) slab-out-of-bounds report and can cause network applications to hang or fail unexpectedly. The kernel functions responsible for computing checksums and managing tunneled packets do not properly handle nonlinear skbs, resulting in potential service interruptions. The fix addresses this flaw, restoring stability to affected applications such as iperf3 and enhancing overall network performance.

Affected Version(s)

Linux 4cb47a8644cc9eb8ec81190a50e79e6530d0297f < 5850c391fd7e25662334cb3cbf29a62bcbff1084

Linux 4cb47a8644cc9eb8ec81190a50e79e6530d0297f



Timeline

  • Vulnerability published

  • Vulnerability Reserved
