Network protocol issue in the Linux kernel bonding driver
CVE-2023-53601

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 October 2025

What is CVE-2023-53601?

A vulnerability exists in the Linux kernel's bonding driver, where it incorrectly assumes that socket buffer (skb) headers are always set. This can lead to improper behavior during packet transmission and potentially expose systems to security risks. Drivers utilizing the ndo_start_xmit() function should not rely on the skb->mac_header being initialized, as the actual skb->data is sufficient for processing. This oversight has been highlighted by syzbot logs and emphasizes the need for immediate updates to affected kernel versions to mitigate potential exploits.

Affected Version(s)

Linux 7b8fc0103bb51d1d3e1fb5fd67958612e709f883 < 029d892b05fc5e42a1b1c0665f62cb3e4b23e6dc

Linux 7b8fc0103bb51d1d3e1fb5fd67958612e709f883 < 37b6143376a578265add04f35161b257eeb84a5e

Linux 7b8fc0103bb51d1d3e1fb5fd67958612e709f883

References

https://git.kernel.org/stable/c/029d892b05fc5e42a1b1c0665...
https://git.kernel.org/stable/c/37b6143376a578265add04f35...
https://git.kernel.org/stable/c/c96cc3d9acaca53d9a81c884c...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2023-53601 : Network protocol issue in the Linux kernel bonding driver