CVE-2023-53843

Publication date

2025-12-09 01:30:05

Family

Linux

State

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: reject negative ifindex

Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs in an xarray")) refactored the handling of pre-assigned ifindexes and let syzbot surface a latent problem in ovs. ovs does not validate ifindex, making it possible to create netdev ports with negative ifindex values.

It's easy to repro with YNL:

  $ ./cli.py --spec netlink/specs/ovs_datapath.yaml --do new --json '{"upcall-pid": 1, "name":"my-dp"}'
  $ ./cli.py --spec netlink/specs/ovs_vport.yaml --do new --json '{"upcall-pid": "00000001", "name": "some-port0", "dp-ifindex":3,"ifindex":4294901760,"type":2}'
  $ ip link show
  -65536: some-port0: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
      link/ether 7a:48:21:ad:0b:fb brd ff:ff:ff:ff:ff:ff
  ...

Validate the inputs. Now the second command correctly returns:

  $ ./cli.py --spec netlink/specs/ovs_vport.yaml --do new --json '{"upcall-pid": "00000001", "name": "some-port0", "dp-ifindex":3,"ifindex":4294901760,"type":2}'
  lib.ynl.NlError: Netlink error: Numerical result out of range
  nl_len = 108 (92) nl_flags = 0x300 nl_type = 2
      error: -34
      extack: {msg: integer out of range, unknown: [[type:4 len:36] b'\x0c\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x03\x00\xff\xff\xff\x7f\x00\x00\x00\x00\x08\x00\x01\x00\x08\x00\x00\x00'], bad-attr: .ifindex}

Accept 0 since it used to be silently ignored.