In the Linux kernel, the following vulnerability has been resolved:
bonding: do not assume skb mac_header is set
Drivers must not assume in their ndo_start_xmit() that skbs have their mac_header set. skb->data is all that is needed.
bonding seems to be one of the last offenders, as caught by syzbot:
WARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]
WARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]
WARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]
WARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]
WARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]
WARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470
Modules linked in:
CPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]
RIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]
RIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]
RIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]
RIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]
RIP: 0010:bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]
RIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470
Code: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe <0f> 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe
RSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283
RAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000
RDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6
RBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584
R10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e
R13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76
FS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) 
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
[<ffffffff8471a49f>] netdev_start_xmit include/linux/netdevice.h:4925 [inline]
[<ffffffff8471a49f>] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380
[<ffffffff851d845b>] dev_direct_xmit include/linux/netdevice.h:3043 [inline]
[<ffffffff851d845b>] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284
[<ffffffff851c7472>] packet_snd net/packet/af_packet.c:3112 [inline]
[<ffffffff851c7472>] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143
[<ffffffff8467a4b2>] sock_sendmsg_nosec net/socket.c:716 [inline]
[<ffffffff8467a4b2>] sock_sendmsg net/socket.c:736 [inline]
[<ffffffff8467a4b2>] __sys_sendto+0x472/0x5f0 net/socket.c:2139
[<ffffffff8467a715>] __do_sys_sendto net/socket.c:2151 [inline]
[<ffffffff8467a715>] __se_sys_sendto net/socket.c:2147 [inline]
[<ffffffff8467a715>] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147
[<ffffffff8553071f>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[<ffffffff8553071f>] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80
[<ffffffff85600087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53601.json"
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53601.json"
[
{
"id": "CVE-2023-53601-014881aa",
"target": {
"function": "bond_xmit_hash",
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a940abdef3162e5723f1495b8a49859d1708f79",
"digest": {
"function_hash": "113446802704656220746592908769451928154",
"length": 295.0
},
"signature_type": "Function"
},
{
"id": "CVE-2023-53601-0a3ac4b6",
"target": {
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@37b6143376a578265add04f35161b257eeb84a5e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"228890020831031011307693809662211472915",
"2015869883790451378289218240512114130",
"47359346029152351270569319334194985862",
"222083244167610279592291818838253166749"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-53601-5d304d9c",
"target": {
"function": "bond_xmit_hash",
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@37b6143376a578265add04f35161b257eeb84a5e",
"digest": {
"function_hash": "113446802704656220746592908769451928154",
"length": 295.0
},
"signature_type": "Function"
},
{
"id": "CVE-2023-53601-9712fcae",
"target": {
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c96cc3d9acaca53d9a81c884c23f1224b61c829b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"228890020831031011307693809662211472915",
"2015869883790451378289218240512114130",
"47359346029152351270569319334194985862",
"222083244167610279592291818838253166749"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-53601-9de4047b",
"target": {
"function": "bond_xmit_hash",
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bc16fc63592c419357dd4c4d82d50762102a60ef",
"digest": {
"function_hash": "113446802704656220746592908769451928154",
"length": 295.0
},
"signature_type": "Function"
},
{
"id": "CVE-2023-53601-a2f26d1e",
"target": {
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bc16fc63592c419357dd4c4d82d50762102a60ef",
"digest": {
"threshold": 0.9,
"line_hashes": [
"228890020831031011307693809662211472915",
"2015869883790451378289218240512114130",
"47359346029152351270569319334194985862",
"222083244167610279592291818838253166749"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-53601-baa242bd",
"target": {
"function": "bond_xmit_hash",
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c96cc3d9acaca53d9a81c884c23f1224b61c829b",
"digest": {
"function_hash": "113446802704656220746592908769451928154",
"length": 295.0
},
"signature_type": "Function"
},
{
"id": "CVE-2023-53601-bcdf6903",
"target": {
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a940abdef3162e5723f1495b8a49859d1708f79",
"digest": {
"threshold": 0.9,
"line_hashes": [
"228890020831031011307693809662211472915",
"2015869883790451378289218240512114130",
"47359346029152351270569319334194985862",
"222083244167610279592291818838253166749"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-53601-c88a33c5",
"target": {
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@029d892b05fc5e42a1b1c0665f62cb3e4b23e6dc",
"digest": {
"threshold": 0.9,
"line_hashes": [
"228890020831031011307693809662211472915",
"2015869883790451378289218240512114130",
"47359346029152351270569319334194985862",
"222083244167610279592291818838253166749"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-53601-ed896791",
"target": {
"function": "bond_xmit_hash",
"file": "drivers/net/bonding/bond_main.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@029d892b05fc5e42a1b1c0665f62cb3e4b23e6dc",
"digest": {
"function_hash": "113446802704656220746592908769451928154",
"length": 295.0
},
"signature_type": "Function"
}
]