{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service due to memory leak in mlx5e driver",
    "id" : "2424951",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2424951"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5e: TC, Fix internal port memory leak\nThe flow rule can be splited, and the extra post_act rules are added\nto post_act table. It's possible to trigger memleak when the rule\nforwards packets from internal port and over tunnel, in the case that,\nfor example, CT 'new' state offload is allowed. As int_port object is\nassigned to the flow attribute of post_act rule, and its refcnt is\nincremented by mlx5e_tc_int_port_get(), but mlx5e_tc_int_port_put() is\nnot called, the refcnt is never decremented, then int_port is never\nfreed.\nThe kmemleak reports the following error:\nunreferenced object 0xffff888128204b80 (size 64):\ncomm \"handler20\", pid 50121, jiffies 4296973009 (age 642.932s)\nhex dump (first 32 bytes):\n01 00 00 00 19 00 00 00 03 f0 00 00 04 00 00 00  ................\n98 77 67 41 81 88 ff ff 98 77 67 41 81 88 ff ff  .wgA.....wgA....\nbacktrace:\n[<00000000e992680d>] kmalloc_trace+0x27/0x120\n[<000000009e945a98>] mlx5e_tc_int_port_get+0x3f3/0xe20 [mlx5_core]\n[<0000000035a537f0>] mlx5e_tc_add_fdb_flow+0x473/0xcf0 [mlx5_core]\n[<0000000070c2cec6>] __mlx5e_add_fdb_flow+0x7cf/0xe90 [mlx5_core]\n[<000000005cc84048>] mlx5e_configure_flower+0xd40/0x4c40 [mlx5_core]\n[<000000004f8a2031>] mlx5e_rep_indr_offload.isra.0+0x10e/0x1c0 [mlx5_core]\n[<000000007df797dc>] mlx5e_rep_indr_setup_tc_cb+0x90/0x130 [mlx5_core]\n[<0000000016c15cc3>] tc_setup_cb_add+0x1cf/0x410\n[<00000000a63305b4>] fl_hw_replace_filter+0x38f/0x670 [cls_flower]\n[<000000008bc9e77c>] fl_change+0x1fd5/0x4430 [cls_flower]\n[<00000000e7f766e4>] tc_new_tfilter+0x867/0x2010\n[<00000000e101c0ef>] rtnetlink_rcv_msg+0x6fc/0x9f0\n[<00000000e1111d44>] netlink_rcv_skb+0x12c/0x360\n[<0000000082dd6c8b>] netlink_unicast+0x438/0x710\n[<00000000fc568f70>] netlink_sendmsg+0x794/0xc50\n[<0000000016e92590>] sock_sendmsg+0xc5/0x190\nSo fix this by moving int_port cleanup code to the flow attribute\nfree helper, which is used by all the attribute free cases.", "A flaw was found in the Linux kernel. This memory leak vulnerability occurs when a flow rule, forwarding packets from an internal port over a tunnel, is split and extra post-action rules are added. The int_port object's reference count is incremented but never decremented, leading to the object not being freed. This can result in a denial of service (DoS) due to memory exhaustion." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53999\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53999\nhttps://lore.kernel.org/linux-cve-announce/2025122426-CVE-2023-53999-57a4@gregkh/T" ],
  "name" : "CVE-2023-53999",
  "csaw" : false
}