THREATINT
PUBLISHED

CVE-2023-52991

net: fix NULL pointer in skb_segment_list



Description

In the Linux kernel, the following vulnerability has been resolved:

net: fix NULL pointer in skb_segment_list

Commit 3a1296a38d0c ("net: Support GRO/GSO fraglist chaining.") introduced UDP listifyed GRO. The segmentation relies on frag_list being untouched when passing through the network stack. This assumption can be broken sometimes, where frag_list itself gets pulled into linear area, leaving frag_list being NULL. When this happens it can trigger the following NULL pointer dereference and panic the kernel.

Reversing the test condition should fix it.

[19185.577801][ C1] BUG: kernel NULL pointer dereference, address:
...
[19185.663775][ C1] RIP: 0010:skb_segment_list+0x1cc/0x390
...
[19185.834644][ C1] Call Trace:
[19185.841730][ C1] <TASK>
[19185.848563][ C1] __udp_gso_segment+0x33e/0x510
[19185.857370][ C1] inet_gso_segment+0x15b/0x3e0
[19185.866059][ C1] skb_mac_gso_segment+0x97/0x110
[19185.874939][ C1] __skb_gso_segment+0xb2/0x160
[19185.883646][ C1] udp_queue_rcv_skb+0xc3/0x1d0
[19185.892319][ C1] udp_unicast_rcv_skb+0x75/0x90
[19185.900979][ C1] ip_protocol_deliver_rcu+0xd2/0x200
[19185.910003][ C1] ip_local_deliver_finish+0x44/0x60
[19185.918757][ C1] __netif_receive_skb_one_core+0x8b/0xa0
[19185.927834][ C1] process_backlog+0x88/0x130
[19185.935840][ C1] __napi_poll+0x27/0x150
[19185.943447][ C1] net_rx_action+0x27e/0x5f0
[19185.951331][ C1] ? mlx5_cq_tasklet_cb+0x70/0x160 [mlx5_core]
[19185.960848][ C1] __do_softirq+0xbc/0x25d
[19185.968607][ C1] irq_exit_rcu+0x83/0xb0
[19185.976247][ C1] common_interrupt+0x43/0xa0
[19185.984235][ C1] asm_common_interrupt+0x22/0x40
...
[19186.094106][ C1] </TASK>

Reserved 2025-03-27 | Published 2025-03-27 | Updated 2025-05-04 | Assigner Linux

Product status

Default status: unaffected

3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 before 6446369fb9f083ce032448c5047da08e298b22e6: affected
3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 before 046de74f9af92ae9ffce75fa22a1795223f4fb54: affected
3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 before 888dad6f3e85e3b2f8389bd6478f181efc72534d: affected
3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 before 876e8ca8366735a604bac86ff7e2732fc9d85d2d: affected

Default status: affected

5.6: affected
Any version before 5.6: unaffected
5.10.167: unaffected
5.15.92: unaffected
6.1.10: unaffected
6.2: unaffected
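
An added example (not part of the CVE record or of the kernel project's code): a small Python check that applies the version list above to a `uname -r` style string. It assumes each fixed version applies only within its own stable series, and it reads the upstream version number only, so a distribution kernel that backported the fix can still be reported as affected; the function name upstream_status is hypothetical.

```python
import platform
import re

# Values copied from the "Product status" list on this page.
INTRODUCED = (5, 6)          # first affected mainline release
FIXED_MAINLINE = (6, 2)      # unaffected from this release onward
FIXED_IN_SERIES = {          # stable series -> first unaffected patch level
    (5, 10): 167,
    (5, 15): 92,
    (6, 1): 10,
}

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(-rc\d+)?")


def upstream_status(release):
    """Classify a `uname -r` style string as affected/unaffected/unknown."""
    m = _RELEASE_RE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    series = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    is_rc = m.group(4) is not None

    if series < INTRODUCED:
        return "unaffected"
    if series == FIXED_MAINLINE and is_rc:
        # A 6.2 release candidate may predate the fix commit.
        return "unknown"
    if series >= FIXED_MAINLINE:
        return "unaffected"
    fixed_patch = FIXED_IN_SERIES.get(series)
    if fixed_patch is not None and patch >= fixed_patch:
        return "unaffected"
    # Series with no listed fix (e.g. end-of-life branches) stay affected.
    return "affected"


if __name__ == "__main__":
    # Constructed sample releases, followed by the running kernel.
    for rel in ["5.4.230", "5.10.166", "5.15.92", "6.0.19", "6.1.10-rt",
                "6.2.0-rc3", platform.release()]:
        try:
            print(f"{rel:24} {upstream_status(rel)}")
        except ValueError as exc:
            print(f"{rel:24} {exc}")
```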

References

git.kernel.org/...c/6446369fb9f083ce032448c5047da08e298b22e6

git.kernel.org/...c/046de74f9af92ae9ffce75fa22a1795223f4fb54

git.kernel.org/...c/888dad6f3e85e3b2f8389bd6478f181efc72534d

git.kernel.org/...c/876e8ca8366735a604bac86ff7e2732fc9d85d2d

cve.org (CVE-2023-52991)

nvd.nist.gov (CVE-2023-52991)
