| Name | CVE-2023-53189 |
| Description | In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconf_mod_rs_timer(), reference idev depends on whether rs_timer is not pending. Then modify rs_timer timeout. There is a time gap in [1], during which if the pending rs_timer becomes not pending. It will miss to hold idev, but the rs_timer is activated. Thus rs_timer callback function addrconf_rs_timer() will be executed and put idev later without holding idev. A refcount underflow issue for idev can be caused by this. if (!timer_pending(&idev->rs_timer)) in6_dev_hold(idev); <--------------[1] mod_timer(&idev->rs_timer, jiffies + when); To fix the issue, hold idev if mod_timer() return 0. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | bullseye | 5.10.223-1 | fixed |
| bullseye (security) | 5.10.237-1 | fixed | |
| bookworm | 6.1.148-1 | fixed | |
| bookworm (security) | 6.1.147-1 | fixed | |
| trixie | 6.12.43-1 | fixed | |
| trixie (security) | 6.12.41-1 | fixed | |
| forky | 6.16.3-1 | fixed | |
| sid | 6.16.7-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | bullseye | 5.10.191-1 | |||
| linux | source | bookworm | 6.1.52-1 | |||
| linux | source | (unstable) | 6.4.11-1 |
https://git.kernel.org/linus/06a0716949c22e2aefb648526580671197151acc (6.5-rc2)