
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability in the Linux kernel (CVE-2023-53600) was discovered that affects the tunnels subsystem when generating IPv4 PMTU errors. The issue was identified on October 4, 2025, and involves a KASAN slab-out-of-bounds error in the ip_compute_csum function when attempting to emit an ICMP error in response to a nonlinear skb (NVD).
The vulnerability manifests as a slab-out-of-bounds read of size 4 at a specific memory address when the ip_compute_csum function attempts to process nonlinear skbs. The issue occurs in kernel version 6.5.0-rc3+ and involves multiple kernel functions in the call stack, including iptunnel_pmtud_build_icmp, skb_tunnel_check_pmtu, and vxlan_xmit_one. The vulnerability has been assigned a CVSS v3.1 score of 7.0 with the vector string AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat).
The vulnerability can lead to a kernel crash when processing certain network packets, specifically when generating ICMP errors for PMTU (Path MTU) discovery. This can result in system instability and potential denial of service conditions, particularly affecting services using VXLAN tunneling (NVD).
The issue has been fixed in various Linux distributions through kernel updates. Debian has marked this as fixed in multiple versions including 5.10.223-1 for bullseye, 6.1.148-1 for bookworm, and 6.12.43-1 for trixie. Red Hat has also provided fixes for affected Enterprise Linux versions (Debian Tracker).
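To check a Debian host against the fixed versions listed above, the following added example (not part of the original report or of any Debian tooling) compares the package version embedded in the kernel build string with the fix for that release, using dpkg's version ordering. It assumes the host runs the release's own kernel package, whose `uname -v` output contains "Debian <version>"; the function names and sample strings are constructed for illustration.

```python
import re

# Fixed versions of Debian's "linux" package, as listed on this page.
FIXED = {"bullseye": "5.10.223-1", "bookworm": "6.1.148-1", "trixie": "6.12.43-1"}

def _order(ch):
    # dpkg ordering: '~' sorts before end of string, letters before punctuation.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk alternating (non-digit, digit) runs, as dpkg does.
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for i in range(max(len(ta), len(tb))):
        (sa, na), (sb, nb) = (t[i] if i < len(t) else ("", "") for t in (ta, tb))
        for j in range(max(len(sa), len(sb))):
            ca = _order(sa[j]) if j < len(sa) else 0
            cb = _order(sb[j]) if j < len(sb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, sep, rev = rest.rpartition("-")
    return (epoch, upstream, rev) if sep else (epoch, rest, "")

def compare_debian_versions(a, b):
    results = (_cmp_part(x, y) for x, y in zip(_split(a), _split(b)))
    return next((r for r in results if r), 0)

def is_patched(codename, uname_v):
    """True/False for a Debian kernel build string; None if it cannot be judged."""
    m = re.search(r"\bDebian (\S+)", uname_v)
    if not m or codename not in FIXED:
        return None
    return compare_debian_versions(m.group(1), FIXED[codename]) >= 0

# Constructed `uname -v` samples (not captured from real hosts).
SAMPLES = [("bookworm", "#1 SMP PREEMPT_DYNAMIC Debian 6.1.140-1 (2025-05-22)"),
           ("bullseye", "#1 SMP Debian 5.10.223-1 (2024-08-10)")]
for codename, build in SAMPLES:
    print(codename, "patched:", is_patched(codename, build))
```

A `None` result means the build string carries no Debian package version (for example a custom or non-Debian kernel) and the host needs a manual check.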
Source: This report was generated using AI