CVE-2023-53600

7.1 HIGH

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's tunneling code allows attackers to trigger a kernel panic (denial of service) when the kernel attempts to generate IPv4 Path MTU error messages for non-linear network packets. This affects Linux systems using tunneling protocols like VXLAN. The vulnerability can be exploited by sending specially crafted network traffic.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel releases before the fix commits (exact versions vary by distribution; upstream, releases up to and around 6.5.0-rc3 are affected)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Systems must have tunneling functionality enabled (like VXLAN) and process non-linear skbs that trigger PMTU error generation.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially disrupting critical network services.

🟠

Likely Case

System crash or instability when processing certain network traffic patterns, causing service disruption.

🟢

If Mitigated

Minimal impact with proper network segmentation and traffic filtering.

🌐 Internet-Facing: MEDIUM - Requires sending network traffic to vulnerable systems, but many internet-facing systems may have firewalls blocking the specific tunneling protocols.
🏢 Internal Only: MEDIUM - Internal systems using VXLAN or other tunneling protocols in data centers or cloud environments are at risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending network traffic that triggers the specific code path. The vulnerability was discovered during normal testing (iperf3 usage), suggesting it could be triggered accidentally or intentionally.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 5850c391fd7e25662334cb3cbf29a62bcbff1084, 6a7ac3d20593865209dceb554d8b3f094c6bd940, da5f42a6e7485fbb7a6dbd6a2b3045e19e4df5cc, e95808121953410db8c59f0abfde70ac0d34222c, fe6a9f7516735be9fdabab00e47ef7a3403a174d

Vendor Advisory: https://git.kernel.org/stable/c/5850c391fd7e25662334cb3cbf29a62bcbff1084

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to install the latest kernel updates.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable tunneling protocols


If VXLAN or other tunneling protocols are not needed, disable them to prevent triggering the vulnerable code path.

# Unload the module; this fails while VXLAN interfaces still exist, so delete those first
modprobe -r vxlan
# Prevent the module from being loaded again (at boot or on demand)
echo 'blacklist vxlan' >> /etc/modprobe.d/blacklist.conf

Network filtering


Use firewall rules to block or limit tunneling protocol traffic to vulnerable systems.

iptables -A INPUT -p udp --dport 4789 -j DROP # Block VXLAN traffic

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate systems using tunneling protocols
  • Monitor systems for kernel panic events and have recovery procedures ready

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution security advisories. Vulnerable if using kernel versions before the fix commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched versions from distribution security advisories.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • KASAN error reports mentioning ip_compute_csum or iptunnel_pmtud_build_icmp

Network Indicators:

  • Unusual VXLAN or tunneling protocol traffic patterns
  • Increased ICMP error messages

SIEM Query:

source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "ip_compute_csum")
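A triage helper for the log indicators above, added here as an example and not part of the advisory: it parses the kernel's KASAN report format (the "BUG: KASAN:" header plus the Call Trace frames) and flags reports whose faulting function or trace names ip_compute_csum or iptunnel_pmtud_build_icmp. The dmesg excerpt is constructed; its timestamps, offsets and the vxlan_xmit_one frame are illustrative, not taken from a real report.

```python
import re
from dataclasses import dataclass, field

INDICATOR_FUNCS = {"ip_compute_csum", "iptunnel_pmtud_build_icmp"}  # from Log Indicators
# Kernel formats: "BUG: KASAN: <type> in <func>+0x<off>/0x<size>" headers and trace frames
KASAN_RE = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
FRAME_RE = re.compile(r"^\s*(?:\?\s+)?(?P<func>[A-Za-z_]\w*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # optional dmesg timestamp prefix
@dataclass
class Finding:
    bug: str            # KASAN bug class, e.g. slab-out-of-bounds
    func: str           # faulting function from the KASAN header
    trace: list = field(default_factory=list)  # call-trace frames, innermost first

def scan_dmesg(text: str) -> list:
    """Parse dmesg/kern.log text into one Finding per KASAN report."""
    findings, current, in_trace = [], None, False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)
        if m := KASAN_RE.search(line):
            current = Finding(m.group("bug"), m.group("func"))
            findings.append(current)
            in_trace = False
        elif current is None:
            continue
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            s = line.strip()
            if not s or s.startswith("</TASK>") or s.startswith("==="):
                in_trace = False  # end of this report's trace block
            elif f := FRAME_RE.match(line):
                current.trace.append(f.group("func"))
    return findings

def matches_advisory(f: Finding) -> bool:
    """True when the faulting function or any trace frame is an advisory indicator."""
    return bool({f.func, *f.trace} & INDICATOR_FUNCS)

# Constructed sample (not a real capture): one matching report and one unrelated one.
SAMPLE_DMESG = """\
[  512.101122] BUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x1c/0x80
[  512.101140] Call Trace:
[  512.101150]  iptunnel_pmtud_build_icmp+0x2a0/0x3f0
[  512.101160]  vxlan_xmit_one+0x4e2/0x9a0
[  512.101165]  </TASK>
[  600.000001] BUG: KASAN: use-after-free in some_unrelated_fn+0x10/0x40
[  600.000002] Call Trace:
[  600.000003]  other_fn+0x1/0x2
"""
```

Feed it `dmesg` output or the contents of /var/log/kern.log; a report matches only when the advisory's functions appear in the header or trace, so unrelated KASAN noise is left out.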
