CVE-2023-53107: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53107 is a use-after-free vulnerability discovered in the Linux kernel's veth XDPREDIRECT functionality. The vulnerability was introduced by commit 718a18a0c8a6 which attempted to rework vethxdprcv_skb to accept non-linear skb. The issue was published on May 2, 2025, affecting the Linux kernel (NVD, Wiz).

The vulnerability occurs when pskbexpandhead() is used if the headroom is less than XDPPACKETHEADROOM. This uses kmalloc to expand the head, which later allows consumeskb() to free the skb while it is still in use by AFXDP. Previously, if the headroom was less than XDPPACKETHEADROOM, a new skb would be allocated from pages instead. The issue was detected through KASAN reporting a use-after-free in _xskrcv+0x18d/0x2c0 (NVD, Wiz).

The vulnerability results in a use-after-free condition that could lead to memory corruption and potential system crashes. This is evidenced by the KASAN report showing use-after-free detection in _xskrcv+0x18d/0x2c0 (Wiz).

The issue has been fixed in the Linux kernel by restoring the previous behavior of allocating a new skb from pages when the headroom is less than XDPPACKETHEADROOM. The fix is available through kernel updates (Wiz).