CVE-2023-52796

7.8 HIGH

📋 TL;DR

This CVE describes a stack overflow vulnerability in the Linux kernel's ipvlan network driver when processing IPv6 outbound traffic. It affects systems using stacked ipvlan devices and can lead to kernel crashes or potential local privilege escalation. The vulnerability is triggered by excessive stack usage during route lookups in specific network configurations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems using ipvlan network interfaces with stacked devices (multiple ipvlan layers). Requires IPv6 configuration.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, denial of service, or potential local privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

System crash or kernel panic when using stacked ipvlan devices with IPv6 traffic, causing denial of service.

🟢

If Mitigated

No impact if ipvlan is not used or if devices are not stacked beyond the problematic threshold.

🌐 Internet-Facing: LOW - Requires specific local network configuration with stacked ipvlan devices.
🏢 Internal Only: MEDIUM - Internal systems using ipvlan networking with stacked devices are vulnerable to crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local network access and specific ipvlan configuration. Discovered through syzbot fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in the following kernel commits:
  • 03cddc4df8c6be47fd27c8f8b87e5f9a989e1458
  • 18f039428c7df183b09c69ebf10ffd4e521035d2
  • 1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f
  • 43b781e7cb5cd0b435de276111953bf2bacd1f02
  • 4d2d30f0792b47908af64c4d02ed1ee25ff50542

Vendor Advisory: https://git.kernel.org/stable/c/03cddc4df8c6be47fd27c8f8b87e5f9a989e1458

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for the specific patched versions.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable ipvlan stacking

Avoid using multiple stacked ipvlan devices in the network configuration.

  # Review network configuration and remove stacked ipvlan devices
  # Check with:
  ip link show type ipvlan

Disable IPv6 on ipvlan interfaces

Prevent IPv6 traffic on ipvlan interfaces to avoid triggering the vulnerability.

  # Disable IPv6 on a specific interface:
  sysctl -w net.ipv6.conf.<interface>.disable_ipv6=1
  # Or globally:
  sysctl -w net.ipv6.conf.all.disable_ipv6=1

🧯 If You Can't Patch

  • Avoid using ipvlan network interfaces in production environments
  • Limit ipvlan device stacking to a maximum of 4 devices, as suggested in the vulnerability report

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether any ipvlan interfaces are stacked (an ipvlan whose lower device, the name after the @ in ip link output, is itself an ipvlan): uname -r && ip link show type ipvlan

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel includes the fix commits or is newer than the vulnerable versions. Check with: uname -r. Because distributions backport fixes, compare the reported version against your distribution's advisory rather than the upstream version number alone.
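The one-liner above lists ipvlan devices but leaves you to work out by eye whether any of them sit on top of another ipvlan. As an added check that is not part of the advisory, the following POSIX shell script parses the one-line-per-device output of `ip -o link show type ipvlan` (here a constructed sample rather than output captured from a real host), reports each device's stacking depth and flags when the deepest chain exceeds a limit. The function names, the sample interface names and the use of the advisory's figure of 4 as the default limit are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the advisory: measure how deeply ipvlan devices are
# stacked from the output of `ip -o link show type ipvlan` (one line per device).
# In that output the second field is "name@lower:" where "lower" is the device
# the ipvlan sits on. When "lower" is itself an ipvlan the device is stacked; the
# length of that chain is what drives the stack usage described in this CVE.

# Constructed sample output (not captured from a real host): ipvl0 -> ipvl1 -> ipvl2
# form a chain of three ipvlans on eth0; ipvl9 sits directly on eth1.
SAMPLE_IPVLAN_LINKS='4: ipvl0@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
5: ipvl1@ipvl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
6: ipvl2@ipvl1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
7: ipvl9@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff'

# ipvlan_depth: read `ip -o link show type ipvlan` lines on stdin and print
# "name depth" per device. depth 1 = ipvlan directly on a non-ipvlan device,
# depth 2 = ipvlan on an ipvlan, and so on.
ipvlan_depth() {
    awk '
    NF < 2 { next }                      # skip blank lines
    {
        dev = $2; sub(/:$/, "", dev)     # "ipvl1@ipvl0:" -> "ipvl1@ipvl0"
        n = split(dev, part, "@")
        name = part[1]
        lower_of[name] = (n > 1) ? part[2] : ""
        order[++count] = name
    }
    END {
        for (i = 1; i <= count; i++) {
            name = order[i]; depth = 1; hops = 0
            lower = lower_of[name]
            # Walk downwards while the lower device is itself an ipvlan.
            # The hop cap guards against malformed or cyclic input.
            while ((lower in lower_of) && hops < 64) {
                depth++; hops++
                lower = lower_of[lower]
            }
            print name, depth
        }
    }'
}

# max_ipvlan_depth: deepest chain in the given `ip -o link` text (0 if none).
max_ipvlan_depth() {
    printf '%s\n' "$1" | ipvlan_depth | awk 'BEGIN { m = 0 } $2 > m { m = $2 } END { print m }'
}

# check_ipvlan_stacking TEXT [LIMIT]: return 0 when the deepest chain is within
# LIMIT, 1 otherwise. The default of 4 is the figure quoted in the advisory text.
check_ipvlan_stacking() {
    limit="${2:-4}"
    depth=$(max_ipvlan_depth "$1")
    if [ "$depth" -gt "$limit" ]; then
        echo "ipvlan stacking depth $depth exceeds limit $limit"
        return 1
    fi
    echo "ipvlan stacking depth $depth is within limit $limit"
    return 0
}

# Demonstration on the constructed sample. On a live host with iproute2 run
# instead:  check_ipvlan_stacking "$(ip -o link show type ipvlan)"
printf '%s\n' "$SAMPLE_IPVLAN_LINKS" | ipvlan_depth
check_ipvlan_stacking "$SAMPLE_IPVLAN_LINKS"
```

On the sample the script reports ipvl0, ipvl1 and ipvl2 at depths 1, 2 and 3 and ipvl9 at depth 1, so a limit of 4 passes while a limit of 2 fails. The depth is derived purely from the name@lower relationship, so it needs no `-d` detail output and works the same whichever ipvlan mode (l2, l3, l3s) the devices use.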

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Stack guard page violation in kernel logs
  • System crash/reboot events

Network Indicators:

  • Unusual network traffic patterns on ipvlan interfaces
  • IPv6 routing failures

SIEM Query:

source="kernel" AND ("stack guard page" OR "ipvlan" OR "Kernel panic")
