CVE-2023-53190

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53190
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53190.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-53190
Downstream
Published
2025-09-15T14:06:19.139Z
Modified
2026-04-02T09:43:46.452333Z
Summary
vxlan: Fix memory leaks in error path
Details

In the Linux kernel, the following vulnerability has been resolved:

vxlan: Fix memory leaks in error path

The memory allocated by vxlanvnigroupinit() is not freed in the error path, leading to memory leaks [1]. Fix by calling vxlanvnigroupuninit() in the error path.

The leaks can be reproduced by annotating grocellsinit() with ALLOWERRORINJECTION() and then running:

# echo "100" > /sys/kernel/debug/failfunction/probability # echo "1" > /sys/kernel/debug/failfunction/times # echo "grocellsinit" > /sys/kernel/debug/failfunction/inject # printf %#x -12 > /sys/kernel/debug/failfunction/grocellsinit/retval # ip link add name vxlan0 type vxlan dstport 4789 external vnifilter RTNETLINK answers: Cannot allocate memory

[1] unreferenced object 0xffff88810db84a00 (size 512): comm "ip", pid 330, jiffies 4295010045 (age 66.016s) hex dump (first 32 bytes): f8 d5 76 0e 81 88 ff ff 01 00 00 00 00 00 00 02 ..v............. 03 00 04 00 48 00 00 00 00 00 00 01 04 00 01 00 ....H........... backtrace: [<ffffffff81a3097a>] kmalloctrace+0x2a/0x60 [<ffffffff82f049fc>] vxlanvnigroupinit+0x4c/0x160 [<ffffffff82ecd69e>] vxlaninit+0x1ae/0x280 [<ffffffff836858ca>] register_netdevice+0x57a/0x16d0 [<ffffffff82ef67b7>] __vxlandevcreate+0x7c7/0xa50 [<ffffffff82ef6ce6>] vxlan_newlink+0xd6/0x130 [<ffffffff836d02ab>] __rtnlnewlink+0x112b/0x18a0 [<ffffffff836d0a8c>] rtnlnewlink+0x6c/0xa0 [<ffffffff836c0ddf>] rtnetlinkrcvmsg+0x43f/0xd40 [<ffffffff83908ce0>] netlinkrcvskb+0x170/0x440 [<ffffffff839066af>] netlinkunicast+0x53f/0x810 [<ffffffff839072d8>] netlinksendmsg+0x958/0xe70 [<ffffffff835c319f>] ____sys_sendmsg+0x78f/0xa90 [<ffffffff835cd6da>] ___sys_sendmsg+0x13a/0x1e0 [<ffffffff835cd94c>] __syssendmsg+0x11c/0x1f0 [<ffffffff8424da78>] dosyscall_64+0x38/0x80 unreferenced object 0xffff88810e76d5f8 (size 192): comm "ip", pid 330, jiffies 4295010045 (age 66.016s) hex dump (first 32 bytes): 04 00 00 00 00 00 00 00 db e1 4f e7 00 00 00 00 ..........O..... 08 d6 76 0e 81 88 ff ff 08 d6 76 0e 81 88 ff ff ..v.......v..... backtrace: [<ffffffff81a3162e>] __kmallocnode+0x4e/0x90 [<ffffffff81a0e166>] kvmallocnode+0xa6/0x1f0 [<ffffffff8276e1a3>] buckettablealloc.isra.0+0x83/0x460 [<ffffffff8276f18b>] rhashtableinit+0x43b/0x7c0 [<ffffffff82f04a1c>] vxlanvnigroup_init+0x6c/0x160 [<ffffffff82ecd69e>] vxlaninit+0x1ae/0x280 [<ffffffff836858ca>] registernetdevice+0x57a/0x16d0 [<ffffffff82ef67b7>] __vxlandevcreate+0x7c7/0xa50 [<ffffffff82ef6ce6>] vxlan_newlink+0xd6/0x130 [<ffffffff836d02ab>] __rtnlnewlink+0x112b/0x18a0 [<ffffffff836d0a8c>] rtnlnewlink+0x6c/0xa0 [<ffffffff836c0ddf>] rtnetlinkrcvmsg+0x43f/0xd40 [<ffffffff83908ce0>] netlinkrcvskb+0x170/0x440 [<ffffffff839066af>] netlinkunicast+0x53f/0x810 [<ffffffff839072d8>] netlinksendmsg+0x958/0xe70 [<ffffffff835c319f>] ___syssendmsg+0x78f/0xa90

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53190.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f9c4bb0b245cee35ef66f75bf409c9573d934cf9
Fixed
75c1ab900f7cf0485f0be1607c79c55f51faaa90
Fixed
5896f55810680391a32652ca2b91245a05c11e22
Fixed
06bf62944144a92d83dd14fd1378d2a288259561

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53190.json"