CVE-2023-53698 | xsk: fix refcount underflow in error path

In the Linux kernel, the following vulnerability has been resolved: xsk: fix refcount underflow in error path Fix a refcount underflow problem reported by syzbot that can happen when a system is running out of memory. If xp_alloc_tx_descs() fails, and it can only fail due to not having enough memory, then the error path is triggered. In this error path, the refcount of the pool is decremented as it has incremented before. However, the reference to the pool in the socket was not nulled. This means that when the socket is closed later, the socket teardown logic will think that there is a pool attached to the socket and try to decrease the refcount again, leading to a refcount underflow. I chose this fix as it involved adding just a single line. Another option would have been to move xp_get_pool() and the assignment of xs->pool to after the if-statement and using xs_umem->pool instead of xs->pool in the whole if-statement resulting in somewhat simpler code, but this would have led to much more churn in the code base perhaps making it harder to backport.

Published: 2025-10-22 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD Status:DeferredCVE State: published
View at NVD, CVE.org, EUVD

CVE-2023-53698 is rated Low Risk (3.2/100): low exploitation likelihood (EPSS 0.02%). Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-53698

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-10-23 0.02%

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-53698

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2023-53698

OS Trackers for CVE-2023-53698

vendor priority summary link
debian unimportant CVE-2023-53698 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2023-53698
redhat medium https://access.redhat.com/security/cve/CVE-2023-53698
suse low CVE-2023-53698 severity low: SUSE including 419 source package names (2.1.3-6.88:kernel-default-base-6.4.0-36.1.21.13, 2.1.3-7.105:kernel-rt-6.4.0-38.1, …), 846 product×package rows across 176 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (176 product lines)): Fixed 462, Known Affected 231, Known Not Affected 153. https://www.suse.com/security/cve/CVE-2023-53698/
ubuntu medium CVE-2023-53698 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 159, not-affected 122, released 113, needs-triage 1. https://ubuntu.com/security/CVE-2023-53698

Affected software / configurations for CVE-2023-53698

Vendor Product Version Raw CPE
No affected products in dataset.

References for CVE-2023-53698

cvelogic Threat Intelligence