Integer Overflow Vulnerability in Linux Kernel Network Subsystem
CVE-2023-53752

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 8 December 2025

What is CVE-2023-53752?

A security flaw has been identified in the Linux kernel's network subsystem: an integer overflow in the kmalloc_reserve() function can lead to improper memory allocation. Specifically, when the size parameter exceeds 0x80000001, it is rounded up to 2^32, which is then truncated, resulting in a zero-size allocation. This can lead to crashes and unpredictable behavior, particularly when device MTU settings approach critical limits. The vulnerability stems from reports submitted to syzbot and the community, highlighting the need for diligent memory management in kernel networking.
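The truncation described above can be reproduced in user space. The following is an added example, not kernel code and not the upstream fix: roundup_pow2(), reserve_truncating(), reserve_checked() and MODEL_MAX_ALLOC are hypothetical names, and the power-of-two rounding is an assumed stand-in for the allocator's size rounding.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed allocator ceiling for this model; not a kernel constant. */
#define MODEL_MAX_ALLOC ((uint64_t)1 << 31)

/* Stand-in for the allocator's bucket rounding: next power of two, in 64 bits. */
static uint64_t roundup_pow2(uint64_t n)
{
    uint64_t p = 1;
    while (p < n)
        p <<= 1;
    return p;
}

/* Flawed pattern: the rounded size is stored back into a 32-bit variable. */
static uint32_t reserve_truncating(uint32_t size)
{
    uint32_t obj_size = (uint32_t)roundup_pow2(size); /* 2^32 becomes 0 */
    return obj_size;
}

/* Hardened pattern: keep the rounded size wide and refuse oversized requests.
 * Returns 0 and writes *out on success, -1 on rejection. */
static int reserve_checked(uint32_t size, uint64_t *out)
{
    uint64_t obj_size = roundup_pow2(size);
    if (size == 0 || obj_size > MODEL_MAX_ALLOC)
        return -1;
    *out = obj_size;
    return 0;
}

int main(void)
{
    /* Constructed sample sizes: a normal MTU, the boundary, and just past it. */
    const uint32_t samples[] = { 1500u, 0x80000000u, 0x80000002u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t ok = 0;
        int rc = reserve_checked(samples[i], &ok);
        printf("size=0x%08x truncating=0x%08x checked=%s\n",
               (unsigned)samples[i], (unsigned)reserve_truncating(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

A request just past the boundary yields a rounded size of 0 in the truncating variant, while the checked variant rejects it before any allocation would be attempted.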

Affected Version(s)

Linux 0dbc898f5917c5a3bec6be19d9f5469cbc351a7d < 31cf7853a940181593e4472fc56f46574123f9f6

Linux 12d6c1d3a2ad0c199ec57c201cdc71e8e157a232

Timeline

  • Vulnerability published

  • Vulnerability Reserved
