{
  "threat_severity" : "Low",
  "public_date" : "2025-10-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel HSR driver: Denial of Service via uninitialized value access",
    "id" : "2400742",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2400742"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-824",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nhsr: Fix uninit-value access in fill_frame_info()\nSyzbot reports the following uninit-value access problem.\n=====================================================\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline]\nBUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616\nfill_frame_info net/hsr/hsr_forward.c:601 [inline]\nhsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616\nhsr_dev_xmit+0x192/0x330 net/hsr/hsr_device.c:223\n__netdev_start_xmit include/linux/netdevice.h:4889 [inline]\nnetdev_start_xmit include/linux/netdevice.h:4903 [inline]\nxmit_one net/core/dev.c:3544 [inline]\ndev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3560\n__dev_queue_xmit+0x34d0/0x52a0 net/core/dev.c:4340\ndev_queue_xmit include/linux/netdevice.h:3082 [inline]\npacket_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\nsock_sendmsg net/socket.c:753 [inline]\n__sys_sendto+0x781/0xa30 net/socket.c:2176\n__do_sys_sendto net/socket.c:2188 [inline]\n__se_sys_sendto net/socket.c:2184 [inline]\n__ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184\ndo_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\ndo_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\ndo_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\nentry_SYSENTER_compat_after_hwframe+0x70/0x82\nUninit was created at:\nslab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\nslab_alloc_node mm/slub.c:3478 [inline]\nkmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\nkmalloc_reserve+0x148/0x470 net/core/skbuff.c:559\n__alloc_skb+0x318/0x740 net/core/skbuff.c:644\nalloc_skb include/linux/skbuff.h:1286 [inline]\nalloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6299\nsock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2794\npacket_alloc_skb net/packet/af_packet.c:2936 [inline]\npacket_snd net/packet/af_packet.c:3030 [inline]\npacket_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\nsock_sendmsg net/socket.c:753 [inline]\n__sys_sendto+0x781/0xa30 net/socket.c:2176\n__do_sys_sendto net/socket.c:2188 [inline]\n__se_sys_sendto net/socket.c:2184 [inline]\n__ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184\ndo_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n__do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\ndo_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\ndo_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\nentry_SYSENTER_compat_after_hwframe+0x70/0x82\nIt is because VLAN is not yet supported in the hsr driver. Return error\nwhen protocol is ETH_P_8021Q in fill_frame_info() now to fix it.", "A flaw was found in the High-availability Seamless Redundancy (HSR) driver within the Linux kernel. A local user can trigger this vulnerability by sending specific Virtual Local Area Network (VLAN) packets to an HSR interface. This can lead to an uninitialized value being accessed, causing a Denial of Service (DoS) condition for the system." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53462\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53462\nhttps://lore.kernel.org/linux-cve-announce/2025100107-CVE-2023-53462-7a33@gregkh/T" ],
  "name" : "CVE-2023-53462",
  "csaw" : false
}