CVE & CISA-KEV Catalog

CVE-2023-53798

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtool_link_ksettings' is not initialized in this path, drivers receive an uninitialized number of lanes in 'struct ethtool_link_ksettings::lanes'. When this information is later queried from drivers, it results in the ethtool code making decisions based on uninitialized memory, leading to the following KMSAN splat [1]. In practice, this most likely only happens with the tun driver that simply returns whatever it got in the set operation. As far as I can tell, this uninitialized memory is not leaked to user space thanks to the 'ethtool_ops->cap_link_lanes_supported' check in linkmodes_prepare_data(). Fix by initializing the structure in the IOCTL path. Did not find any more call sites that pass an uninitialized structure when calling 'ethtool_ops::set_link_ksettings()'. [1] BUG: KMSAN: uninit-value in ethnl_update_linkmodes net/ethtool/linkmodes.c:273 [inline] BUG: KMSAN: uninit-value in ethnl_set_linkmodes+0x190b/0x19d0 net/ethtool/linkmodes.c:333 ethnl_update_linkmodes net/ethtool/linkmodes.c:273 [inline] ethnl_set_linkmodes+0x190b/0x19d0 net/ethtool/linkmodes.c:333 ethnl_default_set_doit+0x88d/0xde0 net/ethtool/netlink.c:640 genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline] genl_rcv_msg+0x141a/0x14c0 net/netlink/genetlink.c:1065 netlink_rcv_skb+0x3f8/0x750 net/netlink/af_netlink.c:2577 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0xf41/0x1270 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x127d/0x1430 net/netlink/af_netlink.c:1942 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg net/socket.c:747 [inline] ____sys_sendmsg+0xa24/0xe40 net/socket.c:2501 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2555 __sys_sendmsg net/socket.c:2584 [inline] __do_sys_sendmsg net/socket.c:2593 [inline] __se_sys_sendmsg net/socket.c:2591 [inline] __x64_sys_sendmsg+0x36b/0x540 net/socket.c:2591 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was stored to memory at: tun_get_link_ksettings+0x37/0x60 drivers/net/tun.c:3544 __ethtool_get_link_ksettings+0x17b/0x260 net/ethtool/ioctl.c:441 ethnl_set_linkmodes+0xee/0x19d0 net/ethtool/linkmodes.c:327 ethnl_default_set_doit+0x88d/0xde0 net/ethtool/netlink.c:640 genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline] genl_rcv_msg+0x141a/0x14c0 net/netlink/genetlink.c:1065 netlink_rcv_skb+0x3f8/0x750 net/netlink/af_netlink.c:2577 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0xf41/0x1270 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x127d/0x1430 net/netlink/af_netlink.c:1942 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg net/socket.c:747 [inline] ____sys_sendmsg+0xa24/0xe40 net/socket.c:2501 ___sys_sendmsg+0x2a1/0x3f0 net/socket.c:2555 __sys_sendmsg net/socket.c:2584 [inline] __do_sys_sendmsg net/socket.c:2593 [inline] __se_sys_sendmsg net/socket.c:2591 [inline] __x64_sys_sendmsg+0x36b/0x540 net/socket.c:2591 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was stored to memory at: tun_set_link_ksettings+0x37/0x60 drivers/net/tun.c:3553 ethtool_set_link_ksettings+0x600/0x690 net/ethtool/ioctl.c:609 __dev_ethtool net/ethtool/ioctl.c:3024 [inline] dev_ethtool+0x1db9/0x2a70 net/ethtool/ioctl.c:3078 dev_ioctl+0xb07/0x1270 net/core/dev_ioctl.c:524 sock_do_ioctl+0x295/0x540 net/socket.c:1213 sock_i ---truncated---

How to fix

Remediation Available
linuxDebian
Fixed in:6.1.37-1CVE-2023-53798
Fixed in:6.3.7-1CVE-2023-53798
Fixed in:6.3.7-1CVE-2023-53798
bpftoolRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
bpftoolRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
bpftool-debuginfoRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
bpftool-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernelRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernelRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-abi-stablelistsRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-abi-stablelistsRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-coreRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-coreRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debugRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debugRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-coreRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-coreRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-debuginfoRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-develRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-develRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-modulesRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-modulesRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-modules-extraRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debug-modules-extraRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfoRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfo-common-aarch64Rocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfo-common-aarch64Red Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfo-common-ppc64leRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfo-common-ppc64leRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfo-common-s390xRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfo-common-s390xRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfo-common-x86_64Rocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-debuginfo-common-x86_64Red Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-develRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-develRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-docRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-docRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-modulesRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-modulesRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-modules-extraRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-modules-extraRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-toolsRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-toolsRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-tools-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-tools-debuginfoRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-tools-libsRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-tools-libsRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-tools-libs-develRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-tools-libs-develRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdumpRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdumpRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-coreRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-coreRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-debuginfoRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-develRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-develRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-modulesRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-modulesRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-modules-extraRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
kernel-zfcpdump-modules-extraRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
perfRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
perfRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
perf-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
perf-debuginfoRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
python3-perfRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
python3-perfRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
python3-perf-debuginfoRocky
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
python3-perf-debuginfoRed Hat / RHEL
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138
Fixed in:0:4.18.0-553.el8_10RHSA-2024:3138

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.17%probability of exploitation in 30 days
6thpercentile

Low risk: more likely to be exploited than 6% of all known CVEs.

References

Embed a live status badge for CVE-2023-53798
CVE-2023-53798 severity badge

Markdown

[![CVE-2023-53798](https://tridentstack.com/cve/badge/CVE-2023-53798.svg)](https://tridentstack.com/cve/CVE-2023-53798)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-53798"><img src="https://tridentstack.com/cve/badge/CVE-2023-53798.svg" alt="CVE-2023-53798"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-12-09.