{"id":"CVE-2023-53669","summary":"tcp: fix skb_copy_ubufs() vs BIG TCP","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix skb_copy_ubufs() vs BIG TCP\n\nDavid Ahern reported crashes in skb_copy_ubufs() caused by TCP tx zerocopy\nusing hugepages, and skb length bigger than ~68 KB.\n\nskb_copy_ubufs() assumed it could copy all payload using up to\nMAX_SKB_FRAGS order-0 pages.\n\nThis assumption broke when BIG TCP was able to put up to 512 KB per skb.\n\nWe did not hit this bug at Google because we use CONFIG_MAX_SKB_FRAGS=45\nand limit gso_max_size to 180000.\n\nA solution is to use higher order pages if needed.\n\nv2: add missing __GFP_COMP, or we leak memory.","modified":"2026-03-20T12:33:17.051949Z","published":"2025-10-07T15:21:26.896Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53669.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3c77a377877acbaf03cd7caa21d3644a5dd16301"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7e692df3933628d974acb9f5b334d2b3e885e2a6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7fa93e39fbb0566019c388a8038a4d58552e0910"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53669.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53669"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7c4e983c4f3cf94fcd879730c6caa877e0768a4d"},{"fixed":"7fa93e39fbb0566019c388a8038a4d58552e0910"},{"fixed":"3c77a377877acbaf03cd7caa21d3644a5dd16301"},{"fixed":"9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f"},{"fixed":"7e692df3933628d974acb9f5b334d2b3e885e2a6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53669.json"}}],"schema_version":"1.7.5"}