CVE-2023-53669
MEDIUM EPSS 3.1%
Published Oct 7, 20258mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Oct 7, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: tcp: fix skb_copy_ubufs() vs BIG TCP David Ahern reported crashes in skb_copy_ubufs() caused by TCP tx zerocopy using hugepages, and skb length bigger than ~68 KB. skb_copy_ubufs() assumed it could copy all payload using up to MAX_SKB_FRAGS order-0 pages. This assumption broke when BIG TCP was able to put up to 512 KB per skb. We did not hit this bug at Google because we use CONFIG_MAX_SKB_FRAGS=45 and limit gso_max_size to 180000. A solution is to use higher order pages if needed. v2: add missing __GFP_COMP, or we leak memory.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
3.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-401
Affected Products 3
References 4
- git.kernel.org https://git.kernel.org/stable/c/3c77a377877acbaf03cd7caa21d3644a5dd16301
- git.kernel.org https://git.kernel.org/stable/c/7e692df3933628d974acb9f5b334d2b3e885e2a6
- git.kernel.org https://git.kernel.org/stable/c/7fa93e39fbb0566019c388a8038a4d58552e0910
- git.kernel.org https://git.kernel.org/stable/c/9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f
Remediation
- git.kernel.org https://git.kernel.org/stable/c/3c77a377877acbaf03cd7caa21d3644a5dd16301
- git.kernel.org https://git.kernel.org/stable/c/7e692df3933628d974acb9f5b334d2b3e885e2a6
- git.kernel.org https://git.kernel.org/stable/c/7fa93e39fbb0566019c388a8038a4d58552e0910
- git.kernel.org https://git.kernel.org/stable/c/9cd62f0ba465cf647c7d8c2ca7b0d99ea0c1328f