CVE-2023-53186: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's network stack was discovered related to SKB (socket buffer) handling. The issue, identified as CVE-2023-53186, involves a race condition between coalescing and releasing SKBs that could lead to inconsistent reference counts. The vulnerability was found in the implementation introduced by commit 1effe8ca4e34 which allowed coalescing to proceed with non-page pool page and page pool page when certain conditions were met (NVD).

The vulnerability occurs when skb_cloned(@from) doesn't hold true until coalescing finishes. If another cloned SKB is released during the merging process, from_shinfo->nr_frags gets set to 0 toward the end of the function. This causes the increment of frag page _refcount to be unexpectedly skipped, resulting in inconsistent reference counts. The issue manifests when SKB(@to) is released, causing the page to be freed directly even though the page pool page is still in use (NVD).

The vulnerability can result in use-after-free or double-free errors in the Linux kernel. This can potentially lead to system crashes, as evidenced by the reported double-free error messages showing bad page states and negative reference counts (NVD).

The issue has been fixed in various Linux distributions. Ubuntu has released patches for multiple versions, including Ubuntu 22.04 LTS (jammy) with Linux kernel version 5.15.0-79.86. Similar fixes have been deployed for other Ubuntu versions and kernel variants (Ubuntu).