CVE-2023-53999

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a memory leak in the net/mlx5e module related to Traffic Control (TC). Specifically, when flow rules are split and extra post act rules are added to the post act table, a memory leak can occur when forwarding packets from an internal port over a tunnel, particularly when CT 'new' state offload is enabled. This happens because the reference count of the internal port object is incremented but not decremented, preventing the object from being freed. The issue is triggered during the addition of flow rules and involves functions like mlx5e tc int port get() and mlx5e tc int port put(). The kernel memory leak reports an unreferenced object of size 64 bytes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-53999

RHSA-2024:2394

RHSA-2024:3138

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

Affected Products

Centos

Debian

Linux Kernel

Red Hat

Mlx5E

CVE-2023-53999

Related Identifiers

Affected Products

References · 1457