Detections
Analytics

CVE-2023-53499

medium

Description

In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix error unwinding of XDP initialization When initializing XDP in virtnet_open(), some rq xdp initialization may hit an error causing net device open failed. However, previous rqs have already initialized XDP and enabled NAPI, which is not the expected behavior. Need to roll back the previous rq initialization to avoid leaks in error unwinding of init code. Also extract helper functions of disable and enable queue pairs. Use newly introduced disable helper function in error unwinding and virtnet_close. Use enable helper function in virtnet_open.

References

https://git.kernel.org/stable/c/73f53bc295727a3cdbd9d6bcdfaa239258970cf4

https://git.kernel.org/stable/c/6a7690f2bd178eee80f33411ae32e543ae66379c

https://git.kernel.org/stable/c/5306623a9826aa7d63b32c6a3803c798a765474d

https://git.kernel.org/stable/c/037768b28e3752c07d63d1c72a651a6775b080bb

Details

Source: Mitre, NVD

Published: 2025-10-01

Updated: 2025-10-02

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018