CVE-2023-53190
- Published: 2025-09-15T14:15:41.277
In the Linux kernel, the following vulnerability has been resolved:
vxlan: Fix memory leaks in error path
The memory allocated by vxlan_vnigroup_init() is not freed in the error
path, leading to memory leaks [1]. Fix by calling
vxlan_vnigroup_uninit() in the error path.
The leaks can be reproduced by annotating gro_cells_init() with
ALLOW_ERROR_INJECTION() and then running:
# echo “100” > /sys/kernel/debug/fail_function/probability
# echo “1” > /sys/kernel/debug/fail_function/times
# echo “gro_cells_init” > /sys/kernel/debug/fail_function/inject
# printf %#x -12 > /sys/kernel/debug/fail_function/gro_cells_init/retval
# ip link add name vxlan0 type vxlan dstport 4789 external vnifilter
RTNETLINK answers: Cannot allocate memory
[1]
unreferenced object 0xffff88810db84a00 (size 512):
comm “ip”, pid 330, jiffies 4295010045 (age 66.016s)
hex dump (first 32 bytes):
f8 d5 76 0e 81 88 ff ff 01 00 00 00 00 00 00 02 ..v………….
03 00 04 00 48 00 00 00 00 00 00 01 04 00 01 00 ….H………..
backtrace:
[] kmalloc_trace+0x2a/0x60
[] vxlan_vnigroup_init+0x4c/0x160
[] vxlan_init+0x1ae/0x280
[] register_netdevice+0x57a/0x16d0
[] __vxlan_dev_create+0x7c7/0xa50
[] vxlan_newlink+0xd6/0x130
[] __rtnl_newlink+0x112b/0x18a0
[] rtnl_newlink+0x6c/0xa0
[] rtnetlink_rcv_msg+0x43f/0xd40
[] netlink_rcv_skb+0x170/0x440
[] netlink_unicast+0x53f/0x810
[] netlink_sendmsg+0x958/0xe70
[] ____sys_sendmsg+0x78f/0xa90
[] ___sys_sendmsg+0x13a/0x1e0
[] __sys_sendmsg+0x11c/0x1f0
[] do_syscall_64+0x38/0x80
unreferenced object 0xffff88810e76d5f8 (size 192):
comm “ip”, pid 330, jiffies 4295010045 (age 66.016s)
hex dump (first 32 bytes):
04 00 00 00 00 00 00 00 db e1 4f e7 00 00 00 00 ……….O…..
08 d6 76 0e 81 88 ff ff 08 d6 76 0e 81 88 ff ff ..v…….v…..
backtrace:
[] __kmalloc_node+0x4e/0x90
[] kvmalloc_node+0xa6/0x1f0
[] bucket_table_alloc.isra.0+0x83/0x460
[] rhashtable_init+0x43b/0x7c0
[] vxlan_vnigroup_init+0x6c/0x160
[] vxlan_init+0x1ae/0x280
[] register_netdevice+0x57a/0x16d0
[] __vxlan_dev_create+0x7c7/0xa50
[] vxlan_newlink+0xd6/0x130
[] __rtnl_newlink+0x112b/0x18a0
[] rtnl_newlink+0x6c/0xa0
[] rtnetlink_rcv_msg+0x43f/0xd40
[] netlink_rcv_skb+0x170/0x440
[] netlink_unicast+0x53f/0x810
[] netlink_sendmsg+0x958/0xe70
[] ____sys_sendmsg+0x78f/0xa90
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No vendor taxonomy on this entry.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
How to fix CVE-2023-53190
Description: In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix memory leaks in error path The memory allocated by vxlan_vnigroup_init() is not freed in the error path, leading to memory leaks [1]. Fix by calling vxlan_vnigroup_uninit() in the error path. The leaks can be reproduced by annotating gro_cells_init() with ALLOW_ERROR_INJECTION() and then running: […]
Exploit Difficulty: HARD
⏱️ Time to exploit: > 4 hours
🛠️ Required skills: Advanced security expertise
💰 Public exploits: Rare or not public
How to Fix:
- Check if you're running the affected product
- Update to the latest patched version
- If patching is not immediately possible: restrict network exposure, apply least-privilege access
- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)
- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations
Exploit Difficulty Assessment
Vulnerability Timeline
CVE details first published to NVD database
Added to this CVE tracking system
Detection Rules & IOCs
No specific detection rules generated for this vulnerability type.
No vendor/product data available.