PT-2025-41089 · Linux+2 · Linux Kernel+2

Published: 2024-04-30 · Updated: 2025-11-28 · CVE-2023-53645

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.3.0-rc7-02231-g723de1a718a2

Description

A flaw exists in the Linux kernel's BPF (Berkeley Packet Filter) subsystem related to reference counting. Specifically, bpf_refcount_acquire incorrectly assumed it could always succeed when called on non-owning references. This assumption was broken by earlier patches that introduced failure behavior to bpf_rbtree_add and bpf_list_push_{front,back}. The issue could lead to a use-after-free condition, potentially resulting in kernel warnings or crashes. The patch resolves this by making bpf_refcount_acquire fallible for non-owning references, using refcount_inc_not_zero instead of refcount_inc, and marking bpf_refcount_acquire as potentially returning NULL. Additional bookkeeping was added to track whether a reference is an owning reference to ensure correct behavior.

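Added example, not code from the kernel or from this advisory: a simplified userspace C model of why the fix swaps an unconditional increment for an increment that fails at zero. struct node and the ref_* and acquire_* helpers are hypothetical stand-ins built on C11 atomics that only mimic the semantics of refcount_inc and refcount_inc_not_zero.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace stand-in for a refcounted BPF node (assumption). */
struct node { atomic_int refs; int payload; };

/* Models refcount_inc(): increments blindly, even from 0. */
static void ref_inc(struct node *n) { atomic_fetch_add(&n->refs, 1); }

/* Models refcount_inc_not_zero(): CAS loop that refuses to raise a 0 count. */
static bool ref_inc_not_zero(struct node *n)
{
    int old = atomic_load(&n->refs);
    while (old != 0)
        if (atomic_compare_exchange_weak(&n->refs, &old, old + 1))
            return true;
    return false;
}

/* Drops one reference; true when the caller held the last one. */
static bool ref_put(struct node *n) { return atomic_fetch_sub(&n->refs, 1) == 1; }

/* Pre-fix shape: acquire assumes success and always hands back the pointer. */
static struct node *acquire_infallible(struct node *n) { ref_inc(n); return n; }

/* Post-fix shape: acquire may fail, so the caller must handle NULL. */
static struct node *acquire_fallible(struct node *n)
{
    return ref_inc_not_zero(n) ? n : NULL;
}

/* A non-owning pointer is used after the last owning reference is dropped. */
static struct node *acquire_after_last_put(struct node *(*acquire)(struct node *))
{
    static struct node n;      /* static: the model never touches freed memory */
    atomic_store(&n.refs, 1);  /* one owning reference */
    ref_put(&n);               /* last owner drops it; a real object is freed here */
    return acquire(&n);        /* non-owning pointer asks for a new reference */
}

int main(void)
{
    printf("infallible: %p\n", (void *)acquire_after_last_put(acquire_infallible));
    printf("fallible:   %p\n", (void *)acquire_after_last_put(acquire_fallible));
    return 0;
}
```

The infallible variant returns a non-NULL pointer to an object whose count had already reached zero, which is the use-after-free shape; the fallible variant returns NULL, so the caller has to check the result before use.
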
Recommendations

Update to a version later than 6.3.0-rc7-02231-g723de1a718a2.


Related Identifiers

ALSA-2025_16880
CVE-2023-53645
RHSA-2024:2394
RHSA-2024_2394
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4301-1

Affected Products

Linux Kernel
Red Hat
SUSE