{
  "threat_severity" : "Low",
  "public_date" : "2025-12-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: netlink: do not hard code device address lenth in fdb dumps",
    "id" : "2420333",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420333"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-131",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnetlink: do not hard code device address lenth in fdb dumps\nsyzbot reports that some netdev devices do not have a six bytes\naddress [1]\nReplace ETH_ALEN by dev->addr_len.\n[1] (Case of a device where dev->addr_len = 4)\nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in copyout+0xb8/0x100 lib/iov_iter.c:169\ninstrument_copy_to_user include/linux/instrumented.h:114 [inline]\ncopyout+0xb8/0x100 lib/iov_iter.c:169\n_copy_to_iter+0x6d8/0x1d00 lib/iov_iter.c:536\ncopy_to_iter include/linux/uio.h:206 [inline]\nsimple_copy_to_iter+0x68/0xa0 net/core/datagram.c:513\n__skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:419\nskb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:527\nskb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\nnetlink_recvmsg+0x4ae/0x15a0 net/netlink/af_netlink.c:1970\nsock_recvmsg_nosec net/socket.c:1019 [inline]\nsock_recvmsg net/socket.c:1040 [inline]\n____sys_recvmsg+0x283/0x7f0 net/socket.c:2722\n___sys_recvmsg+0x223/0x840 net/socket.c:2764\ndo_recvmmsg+0x4f9/0xfd0 net/socket.c:2858\n__sys_recvmmsg net/socket.c:2937 [inline]\n__do_sys_recvmmsg net/socket.c:2960 [inline]\n__se_sys_recvmmsg net/socket.c:2953 [inline]\n__x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nUninit was stored to memory at:\n__nla_put lib/nlattr.c:1009 [inline]\nnla_put+0x1c6/0x230 lib/nlattr.c:1067\nnlmsg_populate_fdb_fill+0x2b8/0x600 net/core/rtnetlink.c:4071\nnlmsg_populate_fdb net/core/rtnetlink.c:4418 [inline]\nndo_dflt_fdb_dump+0x616/0x840 net/core/rtnetlink.c:4456\nrtnl_fdb_dump+0x14ff/0x1fc0 net/core/rtnetlink.c:4629\nnetlink_dump+0x9d1/0x1310 net/netlink/af_netlink.c:2268\nnetlink_recvmsg+0xc5c/0x15a0 net/netlink/af_netlink.c:1995\nsock_recvmsg_nosec+0x7a/0x120 net/socket.c:1019\n____sys_recvmsg+0x664/0x7f0 net/socket.c:2720\n___sys_recvmsg+0x223/0x840 net/socket.c:2764\ndo_recvmmsg+0x4f9/0xfd0 net/socket.c:2858\n__sys_recvmmsg net/socket.c:2937 [inline]\n__do_sys_recvmmsg net/socket.c:2960 [inline]\n__se_sys_recvmmsg net/socket.c:2953 [inline]\n__x64_sys_recvmmsg+0x397/0x490 net/socket.c:2953\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nUninit was created at:\nslab_post_alloc_hook+0x12d/0xb60 mm/slab.h:716\nslab_alloc_node mm/slub.c:3451 [inline]\n__kmem_cache_alloc_node+0x4ff/0x8b0 mm/slub.c:3490\nkmalloc_trace+0x51/0x200 mm/slab_common.c:1057\nkmalloc include/linux/slab.h:559 [inline]\n__hw_addr_create net/core/dev_addr_lists.c:60 [inline]\n__hw_addr_add_ex+0x2e5/0x9e0 net/core/dev_addr_lists.c:118\n__dev_mc_add net/core/dev_addr_lists.c:867 [inline]\ndev_mc_add+0x9a/0x130 net/core/dev_addr_lists.c:885\nigmp6_group_added+0x267/0xbc0 net/ipv6/mcast.c:680\nipv6_mc_up+0x296/0x3b0 net/ipv6/mcast.c:2754\nipv6_mc_remap+0x1e/0x30 net/ipv6/mcast.c:2708\naddrconf_type_change net/ipv6/addrconf.c:3731 [inline]\naddrconf_notify+0x4d3/0x1d90 net/ipv6/addrconf.c:3699\nnotifier_call_chain kernel/notifier.c:93 [inline]\nraw_notifier_call_chain+0xe4/0x430 kernel/notifier.c:461\ncall_netdevice_notifiers_info net/core/dev.c:1935 [inline]\ncall_netdevice_notifiers_extack net/core/dev.c:1973 [inline]\ncall_netdevice_notifiers+0x1ee/0x2d0 net/core/dev.c:1987\nbond_enslave+0xccd/0x53f0 drivers/net/bonding/bond_main.c:1906\ndo_set_master net/core/rtnetlink.c:2626 [inline]\nrtnl_newlink_create net/core/rtnetlink.c:3460 [inline]\n__rtnl_newlink net/core/rtnetlink.c:3660 [inline]\nrtnl_newlink+0x378c/0x40e0 net/core/rtnetlink.c:3673\nrtnetlink_rcv_msg+0x16a6/0x1840 net/core/rtnetlink.c:6395\nnetlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2546\nrtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6413\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0xf28/0x1230 net/netlink/af_\n---truncated---", "A kernel information leak vulnerability was found in the netlink FDB (Forwarding Database) dump functionality in the Linux kernel. The code incorrectly hard-codes ETH_ALEN (6 bytes) for device addresses, but some network devices have shorter addresses (e.g., 4 bytes). When dumping FDB entries for such devices, uninitialized kernel memory is copied to userspace, potentially leaking sensitive information." ],
  "statement" : "This is an information leak vulnerability in netlink FDB dumps affecting devices with non-standard address lengths. The impact is limited as it requires local access and affects only specific network device configurations.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53863\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53863\nhttps://lore.kernel.org/linux-cve-announce/2025120905-CVE-2023-53863-8742@gregkh/T" ],
  "name" : "CVE-2023-53863",
  "csaw" : false
}