CVE-2023-53556

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free flaw within the i40e network driver, specifically in the free netdev function. This issue arises from adding network interface (netif) New Application Programming Interface (NAPI) structures for all allocated queue vectors (q vectors[]), but potentially deleting some of them before freeing the vectors, leading to invalid pointers in the dev->napi list. A reproducer script involving setting the number of virtual functions (VFs) and configuring channels can trigger the flaw. The issue is related to Single Root I/O Virtualization (SRIOV) and can occur during the removal of a virtual function. The flaw results in a kernel crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.