CVE-2023-53136

HIGH

Linux Kernel < 5.15.103 - Out-of-Bounds Read

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: af_unix: fix struct pid leaks in OOB support syzbot reported struct pid leak [1]. Issue is that queue_oob() calls maybe_add_creds() which potentially holds a reference on a pid. But skb->destructor is not set (either directly or by calling unix_scm_to_skb()) This means that subsequent kfree_skb() or consume_skb() would leak this reference. In this fix, I chose to fully support scm even for the OOB message. [1] BUG: memory leak unreferenced object 0xffff8881053e7f80 (size 128): comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff812ae26a>] alloc_pid+0x6a/0x560 kernel/pid.c:180 [<ffffffff812718df>] copy_process+0x169f/0x26c0 kernel/fork.c:2285 [<ffffffff81272b37>] kernel_clone+0xf7/0x610 kernel/fork.c:2684 [<ffffffff812730cc>] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825 [<ffffffff849ad699>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff849ad699>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 [<ffffffff84a0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/2aab4b96900272885bc157f8b236abf1cdc02e08

Patch

https://git.kernel.org/stable/c/a59d6306263c38e5c0592ea4451ca26a0778c947

Patch

https://git.kernel.org/stable/c/ac1968ac399205fda9ee3b18f7de7416cb3a5d0d

Patch

https://git.kernel.org/stable/c/f3969427fb06a2c3cd6efd7faab63505cfa76e76

Scores

CVSS v3 7.1

EPSS 0.0007

EPSS Percentile 20.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (2)

linux/linux_kernel 6.3 rc1

linux/linux_kernel 5.15 - 5.15.103

Published May 02, 2025

Tracked Since Feb 18, 2026