LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53716: net: fix skb leak in __skb_tstamp_tx()

In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in __skb_tstamp_tx() Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.") added a call to skb_orphan_frags_rx() to fix leaks with zerocopy skbs. But it ended up adding a leak of its own. When skb_orphan_frags_rx() fails, the function just returns, leaking the skb it just cloned. Free it before returning. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2023-53716 is a Linux kernel memory-leak bug in network transmit timestamp handling. Under a specific failure path, the kernel cloned a network buffer and returned without freeing it. The public record does not provide CVSS, confirmed exploitation, or package-level affected ranges.

Executive priority

Treat this as a routine but real Linux kernel maintenance item. It does not currently warrant emergency response based on the supplied evidence, but unpatched kernel memory leaks can become availability risks on exposed or high-volume systems.

Technical view

The issue is in __skb_tstamp_tx(). A prior fix for zerocopy skb leaks added skb_orphan_frags_rx(), but if that call failed, the cloned skb was leaked. The kernel fix frees the cloned skb before returning. Discovery is attributed to Coverity SAST by Synopsys.

Likely exposure

Exposure is most likely on Linux systems running kernel builds that include the regressing TX timestamp and zerocopy skb change but not the referenced stable fixes. The bundle does not map this cleanly to distribution package versions.

Exploitation context

No active exploitation is stated in the supplied sources, and the CVE is not marked KEV. The practical impact appears to be resource leakage, potentially affecting availability if the vulnerable path can be exercised repeatedly.

Researcher notes

Evidence is limited to the CVE record and kernel stable references. The source bundle gives root cause and fix direction, but no CVSS, CWE, exploit report, or distribution-specific affected ranges. Validate backports rather than relying only on upstream version strings.

Mitigation direction

  • Apply Linux kernel or distribution updates that include the referenced stable fixes.
  • Check vendor advisories for backported fixes and package-specific affected ranges.
  • Prioritize internet-facing or high-throughput Linux network systems for assessment.
  • Where feasible, reduce reliance on TX timestamping with zerocopy until patched.

Validation and detection

  • Inventory Linux kernel versions across servers, appliances, and containers using host kernels.
  • Compare deployed kernel builds against vendor advisories and referenced stable commits.
  • Confirm whether TX timestamping or zerocopy networking is used in relevant workloads.
  • Monitor kernel memory pressure and network-related resource anomalies until remediated.
Prepared
Confidence
medium
Sources
10

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53716 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
9Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux281072fb2a7294cde7acbf5375b879f40a8001b7, 1f69c086b20e27763af28145981435423f088268, 602fa8af44fd55a58f9e94eb673e8adad2c6cc46, 230a5ed7d813fb516de81d23f09d7506753e41e9, 43e4197dd5f6b474a8b16f8b6a42cd45cf4f9d1a, cb52e7f24c1d01a536a847dff0d1d95889cc3b5c, 426384dd4980040651536fef5feac4dcc4d7ee4e, 50749f2dd6854a41830996ad302aef2ffaf011d8, 30290f210ba7426ff7592fe2eb4114b1b5bad219, 6.2.15unaffected
LinuxLinux4.14.315, 4.19.283, 5.4.243, 5.10.180, 5.15.111, 6.1.28, 6.3.2unaffected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.