CVE-2023-53147
📋 TL;DR
A NULL pointer dereference in the Linux kernel's XFRM (IPsec) subsystem. xfrm_update_ae_params() copies a user-supplied XFRMA_REPLAY_ESN_VAL attribute into the security association's x->replay_esn and x->preplay_esn buffers, but those buffers are only allocated when the SA was created with ESN enabled. Before the fix, an XFRM_MSG_NEWAE update carrying ESN replay state for an SA created without ESN wrote through NULL and crashed the kernel. Sending XFRM configuration over netlink requires CAP_NET_ADMIN in the user namespace that owns the network namespace, so the attacker is a local user who either already holds that capability or can obtain it over a private network namespace via unprivileged user namespaces. The impact is denial of service (kernel crash), not code execution.
💻 Affected Systems
- Linux kernel (XFRM/IPsec netlink configuration interface in net/xfrm/xfrm_user.c, built with CONFIG_XFRM_USER), releases before the fix commit or its stable backports
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel crash (oops or panic) and a host-wide denial of service. Any IPsec tunnels terminated on the host go down with it, as do all containers or guests it runs; on a shared host one unprivileged tenant can take down every other workload.
Likely Case
Local denial of service: a local user who can create user and network namespaces crashes the kernel at will, and recovery requires a reboot.
If Mitigated
Low. If untrusted local users cannot obtain CAP_NET_ADMIN (in particular, if unprivileged user namespaces are disabled), only already-privileged accounts can reach the vulnerable code, and they have simpler ways to reboot the machine.
🎯 Exploit Status
The vulnerability description (the fix commit message) contains a kernel crash trace showing the NULL dereference in the memcpy reached from xfrm_update_ae_params via xfrm_new_ae; it is not proof-of-concept code. Triggering requires local access plus the ability to send XFRM netlink messages (CAP_NET_ADMIN over a network namespace): create an SA without ESN, then send an XFRM_MSG_NEWAE for it that carries an XFRMA_REPLAY_ESN_VAL attribute. Once the capability is available the trigger is a few netlink messages, so the bar is low.
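To show why the validation that runs before the update does not catch this, here is a userland model of the XFRM_MSG_NEWAE path. It is an added example written for this page, not code from the kernel or from the fix commit: the structures are simplified stand-ins for struct xfrm_state and struct xfrm_replay_state_esn, the function names only loosely mirror net/xfrm/xfrm_user.c, and the bitmap lengths and sequence number are constructed. It models xfrm_replay_verify_len() returning success when the SA has no ESN state at all, and xfrm_update_ae_params() before and after the fix, differing only in the NULL check the patch added.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of struct xfrm_replay_state_esn: fixed header plus a bitmap whose
 * length in 32-bit words is chosen by whoever created the SA. */
struct replay_state_esn {
	uint32_t bmp_len, oseq, seq, oseq_hi, seq_hi, replay_window;
	uint32_t bmp[];
};

/* Model of the two struct xfrm_state fields that matter here (kernel allocates
 * them only when the SA is created with ESN enabled). */
struct sa_state {
	struct replay_state_esn *replay_esn;
	struct replay_state_esn *preplay_esn;
};

/* Model of xfrm_replay_state_esn_len(): the copy size comes from the attribute. */
static size_t esn_len(const struct replay_state_esn *e)
{
	return sizeof(*e) + (size_t)e->bmp_len * sizeof(uint32_t);
}

static struct replay_state_esn *esn_alloc(uint32_t bmp_len)
{
	struct replay_state_esn *e = calloc(1, sizeof(*e) + (size_t)bmp_len * sizeof(uint32_t));
	if (e)
		e->bmp_len = bmp_len;
	return e;
}

/* Model of xfrm_replay_verify_len(), the only check xfrm_new_ae() runs before the
 * update: it succeeds when the SA has no ESN state, so a NEWAE carrying
 * XFRMA_REPLAY_ESN_VAL for a non-ESN SA is never rejected here. */
static int replay_verify_len(const struct replay_state_esn *x_esn,
			     const struct replay_state_esn *re)
{
	if (!x_esn || !re)
		return 0;
	return x_esn->bmp_len == re->bmp_len ? 0 : -EINVAL;
}

/* xfrm_update_ae_params() before and after the fix. The only difference is the
 * NULL check on x->replay_esn / x->preplay_esn that commit 00374d9b6d9f added;
 * unpatched, a non-ESN SA makes both memcpy destinations NULL and the kernel crashes. */
static int update_ae_params(struct sa_state *x, const struct replay_state_esn *re, int patched)
{
	if (!re || (patched && (!x->replay_esn || !x->preplay_esn)))
		return 0;
	memcpy(x->replay_esn, re, esn_len(re));
	memcpy(x->preplay_esn, re, esn_len(re));
	return 1;
}

/* Model of the XFRM_MSG_NEWAE handler xfrm_new_ae(): verify, then update.
 * Returns <0 if the attribute is rejected, 1 if ESN state was copied, 0 if skipped. */
static int new_ae(struct sa_state *x, const struct replay_state_esn *re, int patched)
{
	int err = replay_verify_len(x->replay_esn, re);
	return err ? err : update_ae_params(x, re, patched);
}

/* One NEWAE against a fresh SA (4-word ESN bitmap when enabled) using a constructed
 * attribute of attr_bmp_len words with seq 42. Stores the SA's replay seq afterwards
 * (0 when it has no ESN buffers) and returns new_ae()'s result. */
static int run_scenario(int sa_has_esn, int patched, uint32_t attr_bmp_len, uint32_t *seq_out)
{
	struct replay_state_esn *re = esn_alloc(attr_bmp_len);
	struct sa_state x = { NULL, NULL };
	int rc = -ENOMEM;

	if (sa_has_esn) {
		x.replay_esn = esn_alloc(4);
		x.preplay_esn = esn_alloc(4);
	}
	*seq_out = 0;
	if (re && (!sa_has_esn || (x.replay_esn && x.preplay_esn))) {
		re->seq = 42;
		rc = new_ae(&x, re, patched);
		if (x.replay_esn)
			*seq_out = x.replay_esn->seq;
	}
	free(x.replay_esn);
	free(x.preplay_esn);
	free(re);
	return rc;
}

int main(void)
{
	uint32_t seq;
	int rc = run_scenario(1, 1, 4, &seq);
	printf("patched, ESN SA, matching length: rc=%d seq=%u\n", rc, seq);
	printf("patched, non-ESN SA:              rc=%d (skipped)\n", run_scenario(0, 1, 4, &seq));
	/* run_scenario(0, 0, 4, &seq) is CVE-2023-53147: replay_verify_len() passes
	 * and the unpatched memcpy writes through NULL. Deliberately not executed. */
	return 0;
}
```

The length check only compares bitmap sizes when the SA already has ESN state; for a non-ESN SA it returns success and control reaches the copy. The patched update therefore has to make its own decision based on the pointers, which is exactly what the one-line fix does.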
🛠️ Fix & Mitigation
✅ Official Fix
Patch: mainline commit 00374d9b6d9f932802b55181be9831aa948e5b7c ("xfrm: add NULL check in xfrm_update_ae_params"), backported to the stable branches listed under References. The fix makes xfrm_update_ae_params() copy the ESN replay state only when both x->replay_esn and x->preplay_esn are non-NULL.
Fix commit: https://git.kernel.org/stable/c/00374d9b6d9f932802b55181be9831aa948e5b7c
Restart Required: Yes
Instructions:
1. Update the kernel to a version your distribution has released with the fix for CVE-2023-53147.
2. Reboot so the new kernel is loaded (unless your distribution ships a livepatch for this fix).
3. After the reboot, confirm with uname -r that the new kernel is running, and compare the installed kernel package version against the distribution advisory rather than against the upstream version number, since distributions backport fixes without changing the base version.
🔧 Temporary Workarounds
Restrict XFRM access
- The XFRM netlink interface only accepts configuration messages (including XFRM_MSG_NEWAE) from senders holding CAP_NET_ADMIN in the user namespace that owns the network namespace. On multi-user hosts the practical exposure is unprivileged user namespaces, which give any local user that capability over a private network namespace.
- Where the workload allows it, disable unprivileged user namespace creation (set the user.max_user_namespaces sysctl to 0, or kernel.unprivileged_userns_clone to 0 on distributions that carry that patch). Container runtimes and sandboxes that rely on user namespaces will break, so test first.
- Do not grant CAP_NET_ADMIN to untrusted users, services, or containers; review container specifications for --cap-add NET_ADMIN.
- These measures limit who can reach the bug; they do not remove it. Any process that legitimately holds CAP_NET_ADMIN can still crash the host.
🧯 If You Can't Patch
- Keep CAP_NET_ADMIN to trusted accounts and disable unprivileged user namespaces where possible (see Temporary Workarounds), so that untrusted local users cannot reach the XFRM netlink interface
- Monitor kernel logs for the oops signature described under Detection & Monitoring; on a multi-user host, treat a crash with xfrm_update_ae_params in the trace as a possible deliberate trigger and identify which user created the SA and sent the update
🔍 How to Verify
Check if Vulnerable:
Compare the running kernel against your distribution's advisory for CVE-2023-53147. A kernel is vulnerable if it predates the fix or its stable backport and has the XFRM netlink interface (CONFIG_XFRM_USER) built in or loadable, which is the case for essentially all distribution kernels. The bug is reachable whether or not the host actually uses IPsec, because the attacker creates the SA themselves.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the installed kernel package version is at or above the version named in your distribution's advisory for CVE-2023-53147, or that the kernel source includes commit 00374d9b6d9f932802b55181be9831aa948e5b7c or one of its stable backports. The bare uname -r string is not sufficient on its own, since backports do not change the base version.
📡 Detection & Monitoring
Log Indicators:
- A kernel oops beginning "BUG: kernel NULL pointer dereference" whose call trace contains xfrm_update_ae_params and xfrm_new_ae (reached from xfrm_user_rcv_msg and netlink_rcv_skb)
- Unexpected reboots or panics on hosts that allow unprivileged users to create user namespaces
Network Indicators:
- None on the wire: the trigger is local netlink traffic that never leaves the host
Host Indicators:
- XFRM/IPsec state changes (ip xfrm state, NETLINK_XFRM socket use) by users or processes that have no IPsec role
- Creation of user and network namespaces by unprivileged users shortly before a crash
SIEM Query:
source="kernel" AND "NULL pointer dereference" AND ("xfrm_update_ae_params" OR "xfrm_new_ae")
Most log pipelines deliver each kernel log line as a separate event, so the "BUG:" header and the trace frames arrive as different records. If the combined query returns nothing, search for the two xfrm function names alone and correlate by host and timestamp; matching only "kernel panic" or "NULL pointer dereference" produces noise unrelated to this CVE.
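The log-indicator logic above applied to kernel log lines, as an added example that is not part of the original page. The sample log is constructed for the demonstration: timestamps, addresses and symbol offsets are made up, and only the shape of an oops (header line, call trace, end-of-trace marker) follows what the kernel prints. The function counts oops blocks whose NULL-dereference header is followed by xfrm_update_ae_params or xfrm_new_ae in the trace, and ignores both unrelated NULL dereferences and XFRM symbols that appear outside an oops.

```shell
#!/bin/sh
# Count kernel oops blocks in which a NULL pointer dereference has the
# CVE-2023-53147 call path (xfrm_update_ae_params / xfrm_new_ae) in its trace.
# Reads kernel log lines on stdin and prints the number of matching oopses.
# Live usage: journalctl -k | count_xfrm_null_deref   (or: dmesg | ...)
count_xfrm_null_deref() {
    awk '
        # A new oops header closes any previous block and starts tracking.
        /BUG: kernel NULL pointer dereference/ {
            if (in_oops && hit) n++
            in_oops = 1; hit = 0; next
        }
        # Only frames inside an oops count; the same symbol in an ordinary
        # log line is not an indicator.
        in_oops && /xfrm_update_ae_params|xfrm_new_ae/ { hit = 1 }
        # The end-of-trace marker closes the block.
        /---\[ end trace/ {
            if (in_oops && hit) n++
            in_oops = 0; hit = 0
        }
        END { if (in_oops && hit) n++; print n + 0 }
    '
}

# Constructed sample log (not a real capture): a benign XFRM boot message, one
# oops with the XFRM path, and one unrelated NULL dereference.
SAMPLE_LOG='[   12.000000] Initializing XFRM netlink socket
[ 1234.567890] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 1234.567901] #PF: supervisor write access in kernel mode
[ 1234.567920] RIP: 0010:memcpy_orig+0xad/0x140
[ 1234.567930] Call Trace:
[ 1234.567940]  xfrm_update_ae_params+0xd1/0x260
[ 1234.567950]  xfrm_new_ae+0x271/0x280
[ 1234.567960]  xfrm_user_rcv_msg+0x182/0x220
[ 1234.567970]  netlink_rcv_skb+0x56/0xf0
[ 1234.567980] ---[ end trace 0000000000000000 ]---
[ 2000.000000] BUG: kernel NULL pointer dereference, address: 0000000000000018
[ 2000.000010] Call Trace:
[ 2000.000020]  some_unrelated_driver_fn+0x10/0x40
[ 2000.000030] ---[ end trace 0000000000000000 ]---'

# Prints 1: only the first oops carries the XFRM call path.
printf '%s\n' "$SAMPLE_LOG" | count_xfrm_null_deref
```

On a live host, pipe journalctl -k or dmesg into count_xfrm_null_deref. A count above zero on a machine that does not run IPsec, or on any multi-user host, is worth following up by identifying which user created the SA and sent the XFRM_MSG_NEWAE; a single kernel log search for the symbol names alone would also match the benign boot message and normal XFRM activity.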
🔗 References
- https://git.kernel.org/stable/c/00374d9b6d9f932802b55181be9831aa948e5b7c
- https://git.kernel.org/stable/c/075448a2eb753f813fe873cfa52853e9fef8eedb
- https://git.kernel.org/stable/c/44f69c96f8a147413c23c68cda4d6fb5e23137cd
- https://git.kernel.org/stable/c/53df4be4f5221e90dc7aa9ce745a9a21bb7024f4
- https://git.kernel.org/stable/c/8046beb890ebc83c5820188c650073e1c6066e67
- https://git.kernel.org/stable/c/87b655f4936b6fc01f3658aa88a22c923b379ebd
- https://git.kernel.org/stable/c/bd30aa9c7febb6e709670cd5154194189ca3b7b5
- https://git.kernel.org/stable/c/ed1cba039309c80b49719fcff3e3d7cdddb73d96