CVE-2023-53716: net: fix skb leak in __skb_tstamp_tx()
In the Linux kernel, the following vulnerability has been resolved:
net: fix skb leak in __skb_tstamp_tx()
Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with
TX timestamp.") added a call to skb_orphan_frags_rx() to fix leaks with
zerocopy skbs. But it ended up adding a leak of its own. When
skb_orphan_frags_rx() fails, the function just returns, leaking the skb
it just cloned. Free it before returning.
This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.
Security readout for executives and security teams
Plain-English summary
CVE-2023-53716 is a Linux kernel memory-leak bug in network transmit timestamp handling. Under a specific failure path, the kernel cloned a network buffer and returned without freeing it. The public record does not provide CVSS, confirmed exploitation, or package-level affected ranges.
Executive priority
Treat this as a routine but real Linux kernel maintenance item. It does not currently warrant emergency response based on the supplied evidence, but unpatched kernel memory leaks can become availability risks on exposed or high-volume systems.
Technical view
The issue is in __skb_tstamp_tx(). A prior fix for zerocopy skb leaks added skb_orphan_frags_rx(), but if that call failed, the cloned skb was leaked. The kernel fix frees the cloned skb before returning. Discovery is attributed to Coverity SAST by Synopsys.
Likely exposure
Exposure is most likely on Linux systems running kernel builds that include the regressing TX timestamp and zerocopy skb change but not the referenced stable fixes. The bundle does not map this cleanly to distribution package versions.
Exploitation context
No active exploitation is stated in the supplied sources, and the CVE is not marked KEV. The practical impact appears to be resource leakage, potentially affecting availability if the vulnerable path can be exercised repeatedly.
Researcher notes
Evidence is limited to the CVE record and kernel stable references. The source bundle gives root cause and fix direction, but no CVSS, CWE, exploit report, or distribution-specific affected ranges. Validate backports rather than relying only on upstream version strings.
Mitigation direction
Apply Linux kernel or distribution updates that include the referenced stable fixes.
Check vendor advisories for backported fixes and package-specific affected ranges.
Prioritize internet-facing or high-throughput Linux network systems for assessment.
Where feasible, reduce reliance on TX timestamping with zerocopy until patched.
Validation and detection
Inventory Linux kernel versions across servers, appliances, and containers using host kernels.
Compare deployed kernel builds against vendor advisories and referenced stable commits.
Confirm whether TX timestamping or zerocopy networking is used in relevant workloads.
Monitor kernel memory pressure and network-related resource anomalies until remediated.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53716 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
9Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 22, 2025, 13:23 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.