CVE-2023-53190
📋 TL;DR
This CVE describes a memory leak in the Linux kernel's VXLAN implementation. When a VXLAN interface is created with vnifilter enabled and gro_cells_init() fails during initialization, memory already allocated for the device is not freed on the error path, so each failed creation leaks kernel memory. This affects Linux systems that use VXLAN networking with the vnifilter functionality.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service through resource depletion.
Likely Case
Repeated failed VXLAN interface creation attempts could gradually consume kernel memory, potentially degrading system performance over time.
If Mitigated
With proper monitoring and limited VXLAN interface creation attempts, impact is minimal as leaks only occur during specific error conditions.
🎯 Exploit Status
Exploitation requires CAP_NET_ADMIN privileges and ability to trigger the specific error path through gro_cells_init() failure. The provided reproduction steps use debugfs error injection.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (commits: 06bf62944144a92d83dd14fd1378d2a288259561, 5896f55810680391a32652ca2b91245a05c11e22, 75c1ab900f7cf0485f0be1607c79c55f51faaa90)
Vendor Advisory: https://git.kernel.org/stable/c/06bf62944144a92d83dd14fd1378d2a288259561
Restart Required: No
Instructions:
1. Update the Linux kernel to a patched version from your distribution vendor.
2. For custom kernels, apply the relevant patch from the kernel.org stable branches.
3. Recompile and install the updated kernel.
🔧 Temporary Workarounds
Disable VXLAN vnifilter functionality
Avoid using VXLAN interfaces with the vnifilter option to prevent triggering the vulnerable code path.
# Do not create VXLAN interfaces with the 'external vnifilter' option
# Example of safe VXLAN creation without vnifilter (the VNI value 100 is
# illustrative; iproute2 requires either a VNI or the 'external' flag):
ip link add name vxlan0 type vxlan id 100 dstport 4789
🧯 If You Can't Patch
- Restrict CAP_NET_ADMIN capabilities to trusted users only
- Monitor kernel memory usage and alert on unusual consumption patterns
🔍 How to Verify
Check if Vulnerable:
Check whether the system can reproduce the memory leak using the debugfs error injection method described in the CVE (requires root access and a kernel with debugfs enabled).
Check Version:
uname -r
Verify Fix Applied:
Apply the kernel update and verify that the fix is included by checking the kernel version or the commit history for the fix commits listed above. Test VXLAN vnifilter creation with error injection to confirm that no memory is leaked.
📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System logs showing memory pressure warnings
- Failed VXLAN interface creation attempts
Network Indicators:
- Unusual VXLAN interface creation patterns
- Multiple failed network device initialization attempts
SIEM Query:
source="kernel" AND ("oom-killer" OR "memory pressure" OR ("vxlan" AND "failed"))
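The log indicators and SIEM query above, turned into runnable detection logic, as an added example that is not part of this advisory or of the kernel project. It applies the same three indicators per line to constructed sample log lines (not real kernel output), only alerts on repeated VXLAN creation failures (the alert threshold of 3 is an assumption), and adds a trend check on the SUnreclaim counter from /proc/meminfo, since memory leaked on a kernel error path typically shows up as unreclaimable slab; the 25% growth threshold and the meminfo excerpts are likewise constructed for the example.

```python
"""Scan kernel log lines for the indicators listed in this advisory and
flag unreclaimable-slab growth from /proc/meminfo snapshots."""
import re
from collections import Counter

# Indicator rules derived from the advisory's log indicators and SIEM query.
# The last rule is the per-line equivalent of ("vxlan" AND "failed").
RULES = [
    ("oom_killer", re.compile(r"oom-killer", re.IGNORECASE)),
    ("memory_pressure", re.compile(r"memory pressure", re.IGNORECASE)),
    ("vxlan_failed", re.compile(r"(?=.*vxlan)(?=.*failed)", re.IGNORECASE)),
]


def classify_line(line):
    """Return the names of all rules that match one log line."""
    return [name for name, rx in RULES if rx.search(line)]


def scan_log(lines, vxlan_failed_threshold=3):
    """Count indicator hits and produce alerts.

    Returns (counts, alerts): counts maps rule name -> number of matching
    lines, alerts is a list of findings. A single failed VXLAN creation is
    normal noise; repeated failures are what could drain memory on an
    unpatched kernel, so that alert only fires at the (assumed) threshold.
    """
    counts = Counter()
    for line in lines:
        counts.update(classify_line(line))
    alerts = []
    if counts["vxlan_failed"] >= vxlan_failed_threshold:
        alerts.append(
            f"{counts['vxlan_failed']} failed VXLAN interface creations "
            "(repeated error-path hits; check CVE-2023-53190 patch status)")
    if counts["oom_killer"] or counts["memory_pressure"]:
        alerts.append("kernel memory exhaustion indicators present")
    return dict(counts), alerts


def unreclaimable_slab_kb(meminfo_text):
    """Extract SUnreclaim (kB) from /proc/meminfo-style text.

    Memory leaked on a kernel error path is typically unreclaimable slab,
    so this counter is a useful trend signal; returns None if absent.
    """
    m = re.search(r"^SUnreclaim:\s+(\d+) kB", meminfo_text, re.MULTILINE)
    return int(m.group(1)) if m else None


def slab_growth_alert(samples_kb, max_growth_pct=25.0):
    """Return True when SUnreclaim grew by more than max_growth_pct between
    the first and last sample of a monitoring window (assumed threshold)."""
    if len(samples_kb) < 2 or samples_kb[0] <= 0:
        return False
    growth = (samples_kb[-1] - samples_kb[0]) * 100.0 / samples_kb[0]
    return growth > max_growth_pct


# Constructed sample input (not real kernel output): three failed VXLAN
# creations followed by memory-pressure and OOM messages.
SAMPLE_LINES = [
    "[  100.001] kernel: vxlan1: vnifilter enabled",
    "[  100.002] kernel: vxlan1: device creation failed",
    "[  100.100] kernel: vxlan2: device creation failed",
    "[  100.200] kernel: vxlan3: device creation failed",
    "[  101.000] kernel: eth0: link is up",
    "[  240.500] kernel: memory pressure: reclaim stalled on node 0",
    "[  300.000] kernel: oom-killer: Out of memory: Killed process 4242",
]

# Constructed /proc/meminfo excerpts from two points in time.
SAMPLE_MEMINFO_T0 = "MemTotal:        8000000 kB\nSUnreclaim:        80000 kB\n"
SAMPLE_MEMINFO_T1 = "MemTotal:        8000000 kB\nSUnreclaim:       120000 kB\n"

if __name__ == "__main__":
    counts, alerts = scan_log(SAMPLE_LINES)
    print(counts)
    for a in alerts:
        print("ALERT:", a)
    trend = [unreclaimable_slab_kb(SAMPLE_MEMINFO_T0),
             unreclaimable_slab_kb(SAMPLE_MEMINFO_T1)]
    print("SUnreclaim trend (kB):", trend, "alert:", slab_growth_alert(trend))
```

In practice the line scanner would be fed from `journalctl -k` or `dmesg` output and the meminfo sampler run on a timer; the point of pairing them is that a leak on this error path produces no single loud message, so repeated failed creations combined with steadily growing unreclaimable slab is the pattern worth alerting on before the oom-killer fires.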