Race Condition in Linux Kernel's Socket Management Leading to Use After Free
CVE-2023-53836
What is CVE-2023-53836?
A race condition in the Linux kernel's socket handling can lead to a use-after-free of an sk_buff. When an application reads an skb and the receive path then frees it, the socket backlog can still hold a pointer to that skb, because no separate reference was taken for the backlog when the skb was enqueued. If the backlog is drained after the skb has been freed, the dequeued pointer refers to released memory, which is undefined behaviour and, once that memory has been reused, typically shows up as a general protection fault. The fix takes an additional reference with skb_get() before the skb is enqueued on the backlog, so the buffer cannot be released while the backlog still refers to it; it is freed only once that reference is dropped as well.
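The reference-counting logic behind the fix, shown as an added example that is not part of this advisory or of the kernel source: a small user-space model in C with a buffer, a one-entry backlog, and skb_get()/kfree_skb() re-implemented with the same semantics as the kernel helpers (one reference per holder, buffer released when the count hits zero). The struct layout, the backlog, and the race_* functions are assumptions made for the illustration; the race interleaving is forced sequentially (reader frees, then the backlog is drained) instead of using threads, and the model never returns memory to the allocator while the backlog is being drained so the dangling pointer can be inspected instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Illustrative user-space model, not kernel code (assumption): names mirror
 * the kernel API, but everything here is re-implemented for the example.
 */
struct skb {
    int users;        /* reference count, like sk_buff.users */
    int freed;        /* model flag: set when the last reference is dropped */
    char data[16];
};

struct backlog {
    struct skb *head; /* single-entry stand-in for sk->sk_backlog */
};

static struct skb *skb_alloc(const char *payload)
{
    struct skb *s = calloc(1, sizeof *s);
    if (!s)
        abort();
    s->users = 1;     /* the allocating path owns the first reference */
    strncpy(s->data, payload, sizeof s->data - 1);
    return s;
}

/* skb_get(): take one more reference; the holder must later kfree_skb() it. */
static struct skb *skb_get(struct skb *s)
{
    s->users++;
    return s;
}

/* kfree_skb(): drop one reference; the buffer dies with the last one. */
static void kfree_skb(struct skb *s)
{
    if (--s->users == 0)
        s->freed = 1; /* in the kernel the memory goes back to the slab here */
}

/* Drain the backlog: 0 if the entry was alive, -1 if it was already freed. */
static int backlog_drain(struct backlog *bl)
{
    struct skb *s = bl->head;
    bl->head = NULL;
    if (!s)
        return 0;
    if (s->freed)
        return -1;    /* use-after-free: entry points at released memory */
    kfree_skb(s);     /* backlog drops the reference it holds */
    return 0;
}

/* Vulnerable pattern: the backlog stores a raw pointer without a reference. */
static int race_without_skb_get(void)
{
    struct backlog bl = { 0 };
    struct skb *s = skb_alloc("hello");  /* constructed sample payload */
    bl.head = s;                         /* enqueue, users still 1 */
    kfree_skb(s);                        /* reader consumes and frees: users 0 */
    int rc = backlog_drain(&bl);         /* later drain finds a dead skb */
    free(s);                             /* model cleanup only */
    return rc;
}

/* Fixed pattern: skb_get() before enqueue keeps the skb alive for the backlog. */
static int race_with_skb_get(void)
{
    struct backlog bl = { 0 };
    struct skb *s = skb_alloc("hello");  /* constructed sample payload */
    bl.head = skb_get(s);                /* enqueue with its own reference: users 2 */
    kfree_skb(s);                        /* reader drops its reference: users 1 */
    int rc = backlog_drain(&bl);         /* drain uses the skb, drops the last ref */
    free(s);                             /* model cleanup only */
    return rc;
}

int main(void)
{
    printf("without skb_get: %s\n", race_without_skb_get() ? "use-after-free" : "ok");
    printf("with skb_get:    %s\n", race_with_skb_get() ? "use-after-free" : "ok");
    return 0;
}
```

The point to check in any real fix of this shape is that the extra reference taken by skb_get() is paired with exactly one kfree_skb() on the backlog's dequeue path: one reference too few reproduces the use-after-free, one too many leaks every skb that passes through the backlog.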
Affected Version(s)
Each range is given as git commit hashes in the form introduced-by < fixed-by. The last line has no upper bound: it lists the introducing commit with no corresponding fix commit, so trees containing that commit without one of the fixes above are affected.
Linux 799aa7f98d53e0f541fa6b4dc9aa47b4ff2178e3 < 65ad600b9bde68d2d28709943ab00b51ca8f0a1d
Linux 799aa7f98d53e0f541fa6b4dc9aa47b4ff2178e3 < 923877254f002ae87d441382bb1096d9e773d56d
Linux 799aa7f98d53e0f541fa6b4dc9aa47b4ff2178e3