{ "threat_severity" : "Moderate", "public_date" : "2025-12-09T00:00:00Z", "bugzilla" : { "description" : "kernel: net: openvswitch: reject negative ifindex", "id" : "2420327", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420327" }, "cvss3" : { "cvss3_base_score" : "5.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "status" : "verified" }, "cwe" : "CWE-1284", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet: openvswitch: reject negative ifindex\nRecent changes in net-next (commit 759ab1edb56c (\"net: store netdevs\nin an xarray\")) refactored the handling of pre-assigned ifindexes\nand let syzbot surface a latent problem in ovs. ovs does not validate\nifindex, making it possible to create netdev ports with negative\nifindex values. It's easy to repro with YNL:\n$ ./cli.py --spec netlink/specs/ovs_datapath.yaml \\\n--do new \\\n--json '{\"upcall-pid\": 1, \"name\":\"my-dp\"}'\n$ ./cli.py --spec netlink/specs/ovs_vport.yaml \\\n--do new \\\n--json '{\"upcall-pid\": \"00000001\", \"name\": \"some-port0\", \"dp-ifindex\":3,\"ifindex\":4294901760,\"type\":2}'\n$ ip link show\n-65536: some-port0: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\nlink/ether 7a:48:21:ad:0b:fb brd ff:ff:ff:ff:ff:ff\n...\nValidate the inputs. Now the second command correctly returns:\n$ ./cli.py --spec netlink/specs/ovs_vport.yaml \\\n--do new \\\n--json '{\"upcall-pid\": \"00000001\", \"name\": \"some-port0\", \"dp-ifindex\":3,\"ifindex\":4294901760,\"type\":2}'\nlib.ynl.NlError: Netlink error: Numerical result out of range\nnl_len = 108 (92) nl_flags = 0x300 nl_type = 2\nerror: -34extack: {'msg': 'integer out of range', 'unknown': [[type:4 len:36] b'\\x0c\\x00\\x02\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\x03\\x00\\xff\\xff\\xff\\x7f\\x00\\x00\\x00\\x00\\x08\\x00\\x01\\x00\\x08\\x00\\x00\\x00'], 'bad-attr': '.ifindex'}\nAccept 0 since it used to be silently ignored." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-05-22T00:00:00Z", "advisory" : "RHSA-2024:3138", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2394", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.13.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53843\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53843\nhttps://lore.kernel.org/linux-cve-announce/2025120958-CVE-2023-53843-195d@gregkh/T" ], "name" : "CVE-2023-53843", "csaw" : false }