CVE-2023-53103

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-53103
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53103.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53103
Downstream
Related
Published
2025-05-02T15:55:45Z
Modified
2025-10-21T16:05:30.524722Z
Summary
bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
Details

In the Linux kernel, the following vulnerability has been resolved:

bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails

syzbot reported a warning[1] where the bond device itself is a slave and we try to enslave a non-ethernet device as the first slave which fails but then in the error path when ethersetup() restores the bond device it also clears all flags. In my previous fix[2] I restored the IFFMASTER flag, but I didn't consider the case that the bond device itself might also be a slave with IFFSLAVE set, so we need to restore that flag as well. Use the bondether_setup helper which does the right thing and restores the bond's flags properly.

Steps to reproduce using a nlmon dev: $ ip l add nlmon0 type nlmon $ ip l add bond1 type bond $ ip l add bond2 type bond $ ip l set bond1 master bond2 $ ip l set dev nlmon0 master bond1 $ ip -d l sh dev bond1 22: bond1: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noqueue master bond2 state DOWN mode DEFAULT group default qlen 1000 (now bond1's IFF_SLAVE flag is gone and we'll hit a warning[3] if we try to delete it)

[1] https://syzkaller.appspot.com/bug?id=391c7b1f6522182899efba27d891f1743e8eb3ef [2] commit 7d5cd2ce5292 ("bonding: correctly handle bonding type change on enslave failure") [3] example warning: [ 27.008664] bond1: (slave nlmon0): The slave device specified does not support setting the MAC address [ 27.008692] bond1: (slave nlmon0): Error -95 calling setmacaddress [ 32.464639] bond1 (unregistering): Released all slaves [ 32.464685] ------------[ cut here ]------------ [ 32.464686] WARNING: CPU: 1 PID: 2004 at net/core/dev.c:10829 unregisternetdevicemany+0x72a/0x780 [ 32.464694] Modules linked in: brnetfilter bridge bonding virtionet [ 32.464699] CPU: 1 PID: 2004 Comm: ip Kdump: loaded Not tainted 5.18.0-rc3+ #47 [ 32.464703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014 [ 32.464704] RIP: 0010:unregisternetdevicemany+0x72a/0x780 [ 32.464707] Code: 99 fd ff ff ba 90 1a 00 00 48 c7 c6 f4 02 66 96 48 c7 c7 20 4d 35 96 c6 05 fa c7 2b 02 01 e8 be 6f 4a 00 0f 0b e9 73 fd ff ff <0f> 0b e9 5f fd ff ff 80 3d e3 c7 2b 02 00 0f 85 3b fd ff ff ba 59 [ 32.464710] RSP: 0018:ffffa006422d7820 EFLAGS: 00010206 [ 32.464712] RAX: ffff8f6e077140a0 RBX: ffffa006422d7888 RCX: 0000000000000000 [ 32.464714] RDX: ffff8f6e12edbe58 RSI: 0000000000000296 RDI: ffffffff96d4a520 [ 32.464716] RBP: ffff8f6e07714000 R08: ffffffff96d63600 R09: ffffa006422d7728 [ 32.464717] R10: 0000000000000ec0 R11: ffffffff9698c988 R12: ffff8f6e12edb140 [ 32.464719] R13: dead000000000122 R14: dead000000000100 R15: ffff8f6e12edb140 [ 32.464723] FS: 00007f297c2f1740(0000) GS:ffff8f6e5d900000(0000) knlGS:0000000000000000 [ 32.464725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.464726] CR2: 00007f297bf1c800 CR3: 00000000115e8000 CR4: 0000000000350ee0 [ 32.464730] Call Trace: [ 32.464763] <TASK> [ 32.464767] rtnldellink+0x13e/0x380 [ 32.464776] ? credhascapability.isra.0+0x68/0x100 [ 32.464780] ? rtnlunlock+0x33/0x60 [ 32.464783] ? bpflsmcapset+0x10/0x10 [ 32.464786] ? securitycapable+0x36/0x50 [ 32.464790] rtnetlinkrcvmsg+0x14e/0x3b0 [ 32.464792] ? _copytoiter+0xb1/0x790 [ 32.464796] ? postallochook+0xa0/0x160 [ 32.464799] ? rtnlcalcit.isra.0+0x110/0x110 [ 32.464802] netlinkrcvskb+0x50/0xf0 [ 32.464806] netlinkunicast+0x216/0x340 [ 32.464809] netlinksendmsg+0x23f/0x480 [ 32.464812] socksendmsg+0x5e/0x60 [ 32.464815] _syssendmsg+0x22c/0x270 [ 32.464818] ? importiovec+0x17/0x20 [ 32.464821] ? sendmsgcopymsghdr+0x59/0x90 [ 32.464823] ? dosetpte+0xa0/0xe0 [ 32.464828] _syssendmsg+0x81/0xc0 [ 32.464832] ? modobjcgstate+0xc6/0x300 [ 32.464835] ? refillobjstock+0xa9/0x160 [ 32.464838] ? memcgslabfreehook+0x1a5/0x1f0 [ 32.464842] _syssendm ---truncated---

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7d5cd2ce5292b45e555de776cb9e72975a07460d
Fixed
93c8cbeb1b2b8ff670b3dfd01b3abd843995c80f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7d5cd2ce5292b45e555de776cb9e72975a07460d
Fixed
ecb1b5135bd3f232d5335b3935e2c2ac11bfa02f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7d5cd2ce5292b45e555de776cb9e72975a07460d
Fixed
0276813b8ab08d9bf5ca4159f301d0829ecf13fc
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7d5cd2ce5292b45e555de776cb9e72975a07460d
Fixed
e667d469098671261d558be0cd93dca4d285ce1e

Affected versions

v4.*

v4.10
v4.10-rc1
v4.10-rc2
v4.10-rc3
v4.10-rc4
v4.10-rc5
v4.10-rc6
v4.10-rc7
v4.10-rc8
v4.11
v4.11-rc1
v4.11-rc2
v4.11-rc3
v4.11-rc4
v4.11-rc5
v4.11-rc6
v4.11-rc7
v4.11-rc8
v4.12
v4.12-rc1
v4.12-rc2
v4.12-rc3
v4.12-rc4
v4.12-rc5
v4.12-rc6
v4.12-rc7
v4.13
v4.13-rc1
v4.13-rc2
v4.13-rc3
v4.13-rc4
v4.13-rc5
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18
v4.18-rc1
v4.18-rc2
v4.18-rc3
v4.18-rc4
v4.18-rc5
v4.18-rc6
v4.18-rc7
v4.18-rc8
v4.19
v4.19-rc1
v4.19-rc2
v4.19-rc3
v4.19-rc4
v4.19-rc5
v4.19-rc6
v4.19-rc7
v4.19-rc8
v4.2
v4.2-rc3
v4.2-rc4
v4.2-rc5
v4.2-rc6
v4.2-rc7
v4.2-rc8
v4.20
v4.20-rc1
v4.20-rc2
v4.20-rc3
v4.20-rc4
v4.20-rc5
v4.20-rc6
v4.20-rc7
v4.3
v4.3-rc1
v4.3-rc2
v4.3-rc3
v4.3-rc4
v4.3-rc5
v4.3-rc6
v4.3-rc7
v4.4
v4.4-rc1
v4.4-rc2
v4.4-rc3
v4.4-rc4
v4.4-rc5
v4.4-rc6
v4.4-rc7
v4.4-rc8
v4.5
v4.5-rc1
v4.5-rc2
v4.5-rc3
v4.5-rc4
v4.5-rc5
v4.5-rc6
v4.5-rc7
v4.6
v4.6-rc1
v4.6-rc2
v4.6-rc3
v4.6-rc4
v4.6-rc5
v4.6-rc6
v4.6-rc7
v4.7
v4.7-rc1
v4.7-rc2
v4.7-rc3
v4.7-rc4
v4.7-rc5
v4.7-rc6
v4.7-rc7
v4.8
v4.8-rc1
v4.8-rc2
v4.8-rc3
v4.8-rc4
v4.8-rc5
v4.8-rc6
v4.8-rc7
v4.8-rc8
v4.9
v4.9-rc1
v4.9-rc2
v4.9-rc3
v4.9-rc4
v4.9-rc5
v4.9-rc6
v4.9-rc7
v4.9-rc8

v5.*

v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.100
v5.15.101
v5.15.102
v5.15.103
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.15.91
v5.15.92
v5.15.93
v5.15.94
v5.15.95
v5.15.96
v5.15.97
v5.15.98
v5.15.99
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.3-rc1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-53103-04aad276",
        "target": {
            "file": "drivers/net/bonding/bond_main.c"
        },
        "digest": {
            "line_hashes": [
                "255572373124566089155712747063855198577",
                "18675477661402522188326493643582342808",
                "140330874349049576993204218714043732496",
                "326217164725671731464629172341901301947",
                "231630831932962834742733776678721596991",
                "230609320530051440097934248232049899854"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@93c8cbeb1b2b8ff670b3dfd01b3abd843995c80f",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53103-5349d5a5",
        "target": {
            "function": "bond_enslave",
            "file": "drivers/net/bonding/bond_main.c"
        },
        "digest": {
            "length": 10845.0,
            "function_hash": "37674307995765767792482351317015017927"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@93c8cbeb1b2b8ff670b3dfd01b3abd843995c80f",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53103-53c85c89",
        "target": {
            "file": "drivers/net/bonding/bond_main.c"
        },
        "digest": {
            "line_hashes": [
                "255572373124566089155712747063855198577",
                "18675477661402522188326493643582342808",
                "140330874349049576993204218714043732496",
                "326217164725671731464629172341901301947",
                "231630831932962834742733776678721596991",
                "230609320530051440097934248232049899854"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ecb1b5135bd3f232d5335b3935e2c2ac11bfa02f",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53103-a6a6a095",
        "target": {
            "function": "bond_enslave",
            "file": "drivers/net/bonding/bond_main.c"
        },
        "digest": {
            "length": 10852.0,
            "function_hash": "92259863224682706384212612544753395154"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ecb1b5135bd3f232d5335b3935e2c2ac11bfa02f",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53103-c4184e3e",
        "target": {
            "function": "bond_enslave",
            "file": "drivers/net/bonding/bond_main.c"
        },
        "digest": {
            "length": 10874.0,
            "function_hash": "219279217206148785139125775099247146642"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e667d469098671261d558be0cd93dca4d285ce1e",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-53103-cdee9e85",
        "target": {
            "file": "drivers/net/bonding/bond_main.c"
        },
        "digest": {
            "line_hashes": [
                "255572373124566089155712747063855198577",
                "18675477661402522188326493643582342808",
                "140330874349049576993204218714043732496",
                "326217164725671731464629172341901301947",
                "231630831932962834742733776678721596991",
                "230609320530051440097934248232049899854"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0276813b8ab08d9bf5ca4159f301d0829ecf13fc",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53103-d32b43fd",
        "target": {
            "file": "drivers/net/bonding/bond_main.c"
        },
        "digest": {
            "line_hashes": [
                "255572373124566089155712747063855198577",
                "18675477661402522188326493643582342808",
                "140330874349049576993204218714043732496",
                "326217164725671731464629172341901301947",
                "231630831932962834742733776678721596991",
                "230609320530051440097934248232049899854"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e667d469098671261d558be0cd93dca4d285ce1e",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-53103-ed1579cb",
        "target": {
            "function": "bond_enslave",
            "file": "drivers/net/bonding/bond_main.c"
        },
        "digest": {
            "length": 10874.0,
            "function_hash": "219279217206148785139125775099247146642"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0276813b8ab08d9bf5ca4159f301d0829ecf13fc",
        "signature_type": "Function"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
5.15.104
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.21
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.2.8