Kernel Vulnerability in Linux Affecting BPF and CPU Mapping

CVE-2023-53660

What is CVE-2023-53660?

A vulnerability in the Linux kernel affects the processing of socket buffer (skb) memory types when running xdp_redirect_cpu with both skb-mode and stress-mode enabled. This can lead to improper handling of skb frames, particularly when the kthread cpu_map_kthread_run is prematurely stopped. The system generates warnings during execution, indicating a potential risk in handling and freeing skb frames in the ptr_ring structure. Resolution is provided in the latest patches, focusing on ensuring that memory is managed correctly and preventing broken behavior during cleanup.

References