CVE-2023-53489: 
Linux Kernel vulnerability analysis and mitigation

A memory leak vulnerability was discovered in the Linux kernel affecting TCP/UDP socket handling with TX timestamps. The vulnerability (CVE-2023-53489) was disclosed on October 1, 2025, affecting the Linux kernel's networking subsystem. The issue occurs when using zerocopy skbs with TX timestamps, leading to memory leaks of socket and skb structures (NVD).

The vulnerability stems from a circular dependency in memory management when handling zerocopy skbs with TX timestamps. When a socket is created with SOTIMESTAMPING and SOZEROCOPY options, and data is sent using MSGZEROCOPY, the system fails to properly release memory references. The issue involves msgzerocopyalloc() allocating an skb and setting reference counts, but due to improper handling in _skbtstamptx() and skbcopyubufs(), the final reference count is never released. This creates a circular dependency between the socket and its error queue, preventing proper cleanup (RedHat). The vulnerability has been assigned a CVSS v3.1 score of 5.5 with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

The vulnerability results in memory leaks of socket (sk) and socket buffer (skb) structures. When exploited, it can lead to resource exhaustion over time as memory is not properly freed when sockets are closed. This particularly affects systems that frequently create and destroy sockets with specific timestamp and zerocopy options enabled (RedHat).

The vulnerability has been fixed in the Linux kernel by modifying the _skbtstamptx() function to ensure proper handling of zerocopy skbs. The fix involves calling skborphanfragsrx() for cloned skbs to properly manage reference counting and prevent memory leaks. System administrators should apply the latest kernel updates that include this fix (RedHat).