PT-2025-40224 · Linux+1 · Linux Kernel+1

Published: 2023-05-14 · Updated: 2025-11-24 · CVE-2023-53517

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.0.neta

Description

The Linux kernel contains a flaw in the tipc (Trusted Inter-Process Communication) subsystem related to Maximum Transmission Unit (MTU) negotiation. A malicious peer could potentially send an Activate message with a very small MTU value, leading to an integer overflow when calculating the minimum MTU. This could result in excessive memory allocation and potentially a system crash, specifically a general protection fault. The issue arises from a lack of validation of the received MTU against a minimum acceptable value. The vulnerability is triggered during link MTU negotiation, where a small MTU value can cause an overflow in tipc_link_mss(). This can lead to warnings about large messages being purged and, in severe cases, a kernel crash during message transmission. The affected function is tipc_link_xmit().

Recommendations

Update the Linux kernel to version 6.3.0.neta or later.
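
The missing lower-bound check named in the description, shown as an added example that is neither kernel code nor part of the original advisory. It is a simplified C model: the header size, the minimum MTU and every `model_`/`negotiate_` name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed constants for this model; not taken from the advisory. */
#define MODEL_HDR_SIZE 40u   /* per-message header overhead */
#define MODEL_MIN_MTU  100u  /* smallest MTU the link will accept */

struct model_link { uint32_t mtu; };

/* Payload budget per message: MTU minus header overhead.
 * Unsigned arithmetic wraps around when mtu < MODEL_HDR_SIZE. */
static uint32_t model_link_mss(const struct model_link *l)
{
    return l->mtu - MODEL_HDR_SIZE;
}

/* Before: adopt the peer's advertised MTU whenever it is lower. */
static void negotiate_unchecked(struct model_link *l, uint32_t peer_mtu)
{
    if (peer_mtu < l->mtu)
        l->mtu = peer_mtu;
}

/* After: ignore an advertised MTU below the accepted minimum.
 * Returns 0 if the value was in range, -1 if it was rejected. */
static int negotiate_checked(struct model_link *l, uint32_t peer_mtu)
{
    if (peer_mtu < MODEL_MIN_MTU)
        return -1;
    if (peer_mtu < l->mtu)
        l->mtu = peer_mtu;
    return 0;
}

int main(void)
{
    struct model_link a = { 1500 }, b = { 1500 };
    uint32_t peer_mtu = 4;  /* constructed sample value */

    negotiate_unchecked(&a, peer_mtu);
    printf("unchecked: mtu=%u mss=%u\n",
           (unsigned)a.mtu, (unsigned)model_link_mss(&a));

    int rc = negotiate_checked(&b, peer_mtu);
    printf("checked:   rc=%d mtu=%u mss=%u\n",
           rc, (unsigned)b.mtu, (unsigned)model_link_mss(&b));
    return 0;
}
```

In the unchecked path the computed MSS wraps to a value close to 2^32, which is the kind of oversized length that then feeds allocation and transmit logic; the checked path leaves the link MTU unchanged.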

Exploit

Fix

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers

BDU:2025-12908
CVE-2023-53517
RHSA-2023:6583
RHSA-2023:7077
SUSE-SU-2025:4189-1

Affected Products

Linux Kernel
Suse