CVE-2023-53559: 
Linux Kernel vulnerability analysis and mitigation

A slab-use-after-free vulnerability (CVE-2023-53559) was discovered in the Linux kernel's ipvti implementation, specifically in the decodesession6 function. The vulnerability was disclosed on October 4, 2025, affecting the Linux kernel when the ip_vti device is configured with the sfb qdisc type (NVD, RedHat).

The vulnerability occurs when the ipvti device is set to the qdisc of the sfb type, where the cb field of the sent skb may be modified during enqueuing. This can lead to slab-use-after-free when the ipvti device sends IPv6 packets. The issue stems from xfrmdecodesession being originally intended only for the receive path, where IP6CB(skb)->nhoff is not set during transmission. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) (RedHat).

The vulnerability could potentially lead to memory corruption in the Linux kernel when processing IPv6 packets through an ip_vti device with specific qdisc configurations. This could result in system crashes, information leaks, or potential privilege escalation (RedHat).

The fix involves setting the cb field in the skb to 0 before sending packets. This patch has been implemented in the Linux kernel. Red Hat has identified that this vulnerability affects Red Hat Enterprise Linux 8 and 9, while versions 6 and 7 are not affected (RedHat).