CVE-2023-53716
net: fix skb leak in __skb_tstamp_tx()
Description
In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in __skb_tstamp_tx() Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.") added a call to skb_orphan_frags_rx() to fix leaks with zerocopy skbs. But it ended up adding a leak of its own. When skb_orphan_frags_rx() fails, the function just returns, leaking the skb it just cloned. Free it before returning. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.
INFO
Published Date :
Oct. 22, 2025, 2:15 p.m.
Last Modified :
Oct. 22, 2025, 9:12 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the fix for skb leak in __skb_tstamp_tx().
- Ensure cloned skbs are freed before returning.
- Update the Linux kernel to the latest version.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-53716.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-53716 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-53716
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-53716 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-53716 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 22, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in __skb_tstamp_tx() Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.") added a call to skb_orphan_frags_rx() to fix leaks with zerocopy skbs. But it ended up adding a leak of its own. When skb_orphan_frags_rx() fails, the function just returns, leaking the skb it just cloned. Free it before returning. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Added Reference https://git.kernel.org/stable/c/58766252f6b2c0487cda6976a53d2bb03ae28e2a Added Reference https://git.kernel.org/stable/c/779332447108545ef04682ea29af5f85c0202aee Added Reference https://git.kernel.org/stable/c/82501f1ead557cbee1c2467654ec109a80334d22 Added Reference https://git.kernel.org/stable/c/8a02fb71d7192ff1a9a47c9d937624966c6e09af Added Reference https://git.kernel.org/stable/c/a594382ec6d0cc8cff5a8bc7e61b54e3858fb243 Added Reference https://git.kernel.org/stable/c/cc18b4685910d5d9de8314bae9c55790701b1811 Added Reference https://git.kernel.org/stable/c/e06841a2abf9c82735cee39e88b1d79464088840 Added Reference https://git.kernel.org/stable/c/f4d928c00254cfc9dd0ee7076f4a59bceec675f4