CVE-2023-53669
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53669
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53669.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53669
- Downstream
- Published
- 2025-10-07T15:21:26.896Z
- Modified
- 2025-11-20T03:00:23.586721Z
- Summary
- tcp: fix skb_copy_ubufs() vs BIG TCP
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix skbcopyubufs() vs BIG TCP
David Ahern reported crashes in skbcopyubufs() caused by TCP tx zerocopy using hugepages, and skb length bigger than ~68 KB.
skbcopyubufs() assumed it could copy all payload using up to MAXSKBFRAGS order-0 pages.
This assumption broke when BIG TCP was able to put up to 512 KB per skb.
We did not hit this bug at Google because we use CONFIGMAXSKBFRAGS=45 and limit gsomax_size to 180000.
A solution is to use higher order pages if needed.
v2: add missing _GFPCOMP, or we leak memory.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/3c77a377877acbaf03cd7caa21d3644a5dd16301
- https://git.kernel.org/stable/c/7e692df3933628d974acb9f5b334d2b3e885e2a6
- https://git.kernel.org/stable/c/7fa93e39fbb0566019c388a8038a4d58552e0910
- https://git.kernel.org/stable/c/9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7c4e983c4f3cf94fcd879730c6caa877e0768a4dFixed7fa93e39fbb0566019c388a8038a4d58552e0910
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7c4e983c4f3cf94fcd879730c6caa877e0768a4dFixed3c77a377877acbaf03cd7caa21d3644a5dd16301
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7c4e983c4f3cf94fcd879730c6caa877e0768a4dFixed9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7c4e983c4f3cf94fcd879730c6caa877e0768a4dFixed7e692df3933628d974acb9f5b334d2b3e885e2a6
Affected versions
v5.*
v5.18
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.2.1
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.2.15
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.3.1
v6.3.2