{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53189", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-15T13:59:19.066Z", "datePublished": "2025-09-15T14:05:26.685Z", "dateUpdated": "2025-09-15T14:05:26.685Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-15T14:05:26.685Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6/addrconf: fix a potential refcount underflow for idev\n\nNow in addrconf_mod_rs_timer(), reference idev depends on whether\nrs_timer is not pending. Then modify rs_timer timeout.\n\nThere is a time gap in [1], during which if the pending rs_timer\nbecomes not pending. It will miss to hold idev, but the rs_timer\nis activated. Thus rs_timer callback function addrconf_rs_timer()\nwill be executed and put idev later without holding idev. A refcount\nunderflow issue for idev can be caused by this.\n\n\tif (!timer_pending(&idev->rs_timer))\n\t\tin6_dev_hold(idev);\n\t\t <--------------[1]\n\tmod_timer(&idev->rs_timer, jiffies + when);\n\nTo fix the issue, hold idev if mod_timer() return 0."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/addrconf.c"], "versions": [{"version": "b7b1bfce0bb68bd8f6e62a28295922785cc63781", "lessThan": "c6395e32935d35e6f935e7caf1c2dac5a95943b4", "status": "affected", "versionType": "git"}, {"version": "b7b1bfce0bb68bd8f6e62a28295922785cc63781", "lessThan": "df62fdcd004afa72ecbed0e862ebb983acd3aa57", "status": "affected", "versionType": "git"}, {"version": "b7b1bfce0bb68bd8f6e62a28295922785cc63781", "lessThan": "c7eeba47058532f6077d6a658e38b6698f6ae71a", "status": "affected", "versionType": "git"}, {"version": "b7b1bfce0bb68bd8f6e62a28295922785cc63781", "lessThan": "2ad31ce40e8182860b631e37209e93e543790b7c", "status": "affected", "versionType": "git"}, {"version": "b7b1bfce0bb68bd8f6e62a28295922785cc63781", "lessThan": "82abd1c37d3bf2a2658b34772c17a25a6f9cca42", "status": "affected", "versionType": "git"}, {"version": "b7b1bfce0bb68bd8f6e62a28295922785cc63781", "lessThan": "436b7cc7eae7851c184b671ed7a4a64c750b86f7", "status": "affected", "versionType": "git"}, {"version": "b7b1bfce0bb68bd8f6e62a28295922785cc63781", "lessThan": "1f656e483eb4733d62f18dfb206a49b78f60f495", "status": "affected", "versionType": "git"}, {"version": "b7b1bfce0bb68bd8f6e62a28295922785cc63781", "lessThan": "06a0716949c22e2aefb648526580671197151acc", "status": "affected", "versionType": "git"}, {"version": "973d5956f754cfc306f5e274d71503498f4b0324", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/addrconf.c"], "versions": [{"version": "3.11", "status": "affected"}, {"version": "0", "lessThan": "3.11", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.322", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.291", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.251", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.188", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.121", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.40", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.5", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "4.14.322"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "4.19.291"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "5.4.251"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "5.10.188"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "5.15.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "6.1.40"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "6.4.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "6.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10.105"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c6395e32935d35e6f935e7caf1c2dac5a95943b4"}, {"url": "https://git.kernel.org/stable/c/df62fdcd004afa72ecbed0e862ebb983acd3aa57"}, {"url": "https://git.kernel.org/stable/c/c7eeba47058532f6077d6a658e38b6698f6ae71a"}, {"url": "https://git.kernel.org/stable/c/2ad31ce40e8182860b631e37209e93e543790b7c"}, {"url": "https://git.kernel.org/stable/c/82abd1c37d3bf2a2658b34772c17a25a6f9cca42"}, {"url": "https://git.kernel.org/stable/c/436b7cc7eae7851c184b671ed7a4a64c750b86f7"}, {"url": "https://git.kernel.org/stable/c/1f656e483eb4733d62f18dfb206a49b78f60f495"}, {"url": "https://git.kernel.org/stable/c/06a0716949c22e2aefb648526580671197151acc"}], "title": "ipv6/addrconf: fix a potential refcount underflow for idev", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6/addrconf: fix a potential refcount underflow for idev\n\nNow in addrconf_mod_rs_timer(), reference idev depends on whether\nrs_timer is not pending. Then modify rs_timer timeout.\n\nThere is a time gap in [1], during which if the pending rs_timer\nbecomes not pending. It will miss to hold idev, but the rs_timer\nis activated. Thus rs_timer callback function addrconf_rs_timer()\nwill be executed and put idev later without holding idev. A refcount\nunderflow issue for idev can be caused by this.\n\n\tif (!timer_pending(&idev->rs_timer))\n\t\tin6_dev_hold(idev);\n\t\t <--------------[1]\n\tmod_timer(&idev->rs_timer, jiffies + when);\n\nTo fix the issue, hold idev if mod_timer() return 0."}], "id": "CVE-2023-53189", "lastModified": "2025-09-15T15:22:27.090", "metrics": {}, "published": "2025-09-15T14:15:41.150", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/06a0716949c22e2aefb648526580671197151acc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1f656e483eb4733d62f18dfb206a49b78f60f495"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2ad31ce40e8182860b631e37209e93e543790b7c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/436b7cc7eae7851c184b671ed7a4a64c750b86f7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/82abd1c37d3bf2a2658b34772c17a25a6f9cca42"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c6395e32935d35e6f935e7caf1c2dac5a95943b4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c7eeba47058532f6077d6a658e38b6698f6ae71a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/df62fdcd004afa72ecbed0e862ebb983acd3aa57"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}