{"id":"CVE-2023-53365","summary":"ip6mr: Fix skb_under_panic in ip6mr_cache_report()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nip6mr: Fix skb_under_panic in ip6mr_cache_report()\n\nskbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4\n head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg\n ------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:192!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Workqueue: ipv6_addrconf addrconf_dad_work\n RIP: 0010:skb_panic+0x152/0x1d0\n Call Trace:\n  \u003cTASK\u003e\n  skb_push+0xc4/0xe0\n  ip6mr_cache_report+0xd69/0x19b0\n  reg_vif_xmit+0x406/0x690\n  dev_hard_start_xmit+0x17e/0x6e0\n  __dev_queue_xmit+0x2d6a/0x3d20\n  vlan_dev_hard_start_xmit+0x3ab/0x5c0\n  dev_hard_start_xmit+0x17e/0x6e0\n  __dev_queue_xmit+0x2d6a/0x3d20\n  neigh_connected_output+0x3ed/0x570\n  ip6_finish_output2+0x5b5/0x1950\n  ip6_finish_output+0x693/0x11c0\n  ip6_output+0x24b/0x880\n  NF_HOOK.constprop.0+0xfd/0x530\n  ndisc_send_skb+0x9db/0x1400\n  ndisc_send_rs+0x12a/0x6c0\n  addrconf_dad_completed+0x3c9/0xea0\n  addrconf_dad_work+0x849/0x1420\n  process_one_work+0xa22/0x16e0\n  worker_thread+0x679/0x10c0\n  ret_from_fork+0x28/0x60\n  ret_from_fork_asm+0x11/0x20\n\nWhen setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().\nreg_vif_xmit()\n    ip6mr_cache_report()\n        skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4\nAnd skb_push declared as:\n\tvoid *skb_push(struct sk_buff *skb, unsigned int len);\n\t\tskb-\u003edata -= len;\n\t\t//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850\nskb-\u003edata is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.","modified":"2026-04-11T12:46:45.879869Z","published":"2025-09-17T14:56:53.781Z","related":["SUSE-SU-2025:03600-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4111-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4135-1","SUSE-SU-2025:4139-1","SUSE-SU-2025:4141-1","SUSE-SU-2025:4149-1","SUSE-SU-2025:4188-1","SUSE-SU-2025:4315-1","SUSE-SU-2025:4320-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53365.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0438e60a00d4e335b3c36397dbf26c74b5d13ef0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1683124129a4263dd5bce2475bab110e95fa0346"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1bb54a21f4d9b88442f8c3307c780e2db64417e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/30e0191b16e8a58e4620fa3e2839ddc7b9d4281c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3326c711f18d18fe6e1f5d83d3a7eab07e5a1560"},{"type":"WEB","url":"https://git.kernel.org/stable/c/691a09eecad97e745b9aa0e3918db46d020bdacb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8382e7ed2d63e6c2daf6881fa091526dc6c879cd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a96d74d1076c82a4cef02c150d9996b21354c78d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53365.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53365"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"14fb64e1f449ef6666f1c3a3fa4e13aec669b98d"},{"fixed":"a96d74d1076c82a4cef02c150d9996b21354c78d"},{"fixed":"8382e7ed2d63e6c2daf6881fa091526dc6c879cd"},{"fixed":"0438e60a00d4e335b3c36397dbf26c74b5d13ef0"},{"fixed":"1683124129a4263dd5bce2475bab110e95fa0346"},{"fixed":"1bb54a21f4d9b88442f8c3307c780e2db64417e4"},{"fixed":"691a09eecad97e745b9aa0e3918db46d020bdacb"},{"fixed":"3326c711f18d18fe6e1f5d83d3a7eab07e5a1560"},{"fixed":"30e0191b16e8a58e4620fa3e2839ddc7b9d4281c"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53365.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.26"},{"fixed":"4.14.322"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.291"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.190"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.126"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.45"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.4.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53365.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}