{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T06:45:16.942","vulnerabilities":[{"cve":{"id":"CVE-2023-53109","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-05-02T16:15:29.823","lastModified":"2025-11-10T17:54:04.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tunnels: annotate lockless accesses to dev->needed_headroom\n\nIP tunnels can apparently update dev->needed_headroom\nin their xmit path.\n\nThis patch takes care of three tunnels xmit, and also the\ncore LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA()\nhelpers.\n\nMore changes might be needed for completeness.\n\nBUG: KCSAN: data-race in ip_tunnel_xmit \/ ip_tunnel_xmit\n\nread to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1:\nip_tunnel_xmit+0x1270\/0x1730 net\/ipv4\/ip_tunnel.c:803\n__gre_xmit net\/ipv4\/ip_gre.c:469 [inline]\nipgre_xmit+0x516\/0x570 net\/ipv4\/ip_gre.c:661\n__netdev_start_xmit include\/linux\/netdevice.h:4881 [inline]\nnetdev_start_xmit include\/linux\/netdevice.h:4895 [inline]\nxmit_one net\/core\/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127\/0x400 net\/core\/dev.c:3596\n__dev_queue_xmit+0x1007\/0x1eb0 net\/core\/dev.c:4246\ndev_queue_xmit include\/linux\/netdevice.h:3051 [inline]\nneigh_direct_output+0x17\/0x20 net\/core\/neighbour.c:1623\nneigh_output include\/net\/neighbour.h:546 [inline]\nip_finish_output2+0x740\/0x840 net\/ipv4\/ip_output.c:228\nip_finish_output+0xf4\/0x240 net\/ipv4\/ip_output.c:316\nNF_HOOK_COND include\/linux\/netfilter.h:291 [inline]\nip_output+0xe5\/0x1b0 net\/ipv4\/ip_output.c:430\ndst_output include\/net\/dst.h:444 [inline]\nip_local_out+0x64\/0x80 net\/ipv4\/ip_output.c:126\niptunnel_xmit+0x34a\/0x4b0 net\/ipv4\/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451\/0x1730 net\/ipv4\/ip_tunnel.c:813\n__gre_xmit net\/ipv4\/ip_gre.c:469 [inline]\nipgre_xmit+0x516\/0x570 net\/ipv4\/ip_gre.c:661\n__netdev_start_xmit include\/linux\/netdevice.h:4881 [inline]\nnetdev_start_xmit include\/linux\/netdevice.h:4895 [inline]\nxmit_one net\/core\/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127\/0x400 net\/core\/dev.c:3596\n__dev_queue_xmit+0x1007\/0x1eb0 net\/core\/dev.c:4246\ndev_queue_xmit include\/linux\/netdevice.h:3051 [inline]\nneigh_direct_output+0x17\/0x20 net\/core\/neighbour.c:1623\nneigh_output include\/net\/neighbour.h:546 [inline]\nip_finish_output2+0x740\/0x840 net\/ipv4\/ip_output.c:228\nip_finish_output+0xf4\/0x240 net\/ipv4\/ip_output.c:316\nNF_HOOK_COND include\/linux\/netfilter.h:291 [inline]\nip_output+0xe5\/0x1b0 net\/ipv4\/ip_output.c:430\ndst_output include\/net\/dst.h:444 [inline]\nip_local_out+0x64\/0x80 net\/ipv4\/ip_output.c:126\niptunnel_xmit+0x34a\/0x4b0 net\/ipv4\/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451\/0x1730 net\/ipv4\/ip_tunnel.c:813\n__gre_xmit net\/ipv4\/ip_gre.c:469 [inline]\nipgre_xmit+0x516\/0x570 net\/ipv4\/ip_gre.c:661\n__netdev_start_xmit include\/linux\/netdevice.h:4881 [inline]\nnetdev_start_xmit include\/linux\/netdevice.h:4895 [inline]\nxmit_one net\/core\/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127\/0x400 net\/core\/dev.c:3596\n__dev_queue_xmit+0x1007\/0x1eb0 net\/core\/dev.c:4246\ndev_queue_xmit include\/linux\/netdevice.h:3051 [inline]\nneigh_direct_output+0x17\/0x20 net\/core\/neighbour.c:1623\nneigh_output include\/net\/neighbour.h:546 [inline]\nip_finish_output2+0x740\/0x840 net\/ipv4\/ip_output.c:228\nip_finish_output+0xf4\/0x240 net\/ipv4\/ip_output.c:316\nNF_HOOK_COND include\/linux\/netfilter.h:291 [inline]\nip_output+0xe5\/0x1b0 net\/ipv4\/ip_output.c:430\ndst_output include\/net\/dst.h:444 [inline]\nip_local_out+0x64\/0x80 net\/ipv4\/ip_output.c:126\niptunnel_xmit+0x34a\/0x4b0 net\/ipv4\/ip_tunnel_core.c:82\nip_tunnel_xmit+0x1451\/0x1730 net\/ipv4\/ip_tunnel.c:813\n__gre_xmit net\/ipv4\/ip_gre.c:469 [inline]\nipgre_xmit+0x516\/0x570 net\/ipv4\/ip_gre.c:661\n__netdev_start_xmit include\/linux\/netdevice.h:4881 [inline]\nnetdev_start_xmit include\/linux\/netdevice.h:4895 [inline]\nxmit_one net\/core\/dev.c:3580 [inline]\ndev_hard_start_xmit+0x127\/0x400 net\/core\/dev.c:3596\n__dev_queue_xmit+0x1007\/0x1eb0 net\/core\/dev.c:4246\ndev_queue_xmit include\/linux\/netdevice.h:3051 [inline]\nneigh_direct_output+0x17\/0x20 net\/core\/neighbour.c:1623\nneigh_output include\/net\/neighbour.h:546 [inline]\nip_finish_output2+0x740\/0x840 net\/ipv4\/ip_output.c:228\nip_finish_output+0xf4\/0x240 net\/ipv4\/ip_output.c:316\nNF_HOOK_COND include\/linux\/netfilter.h:291 [inline]\nip_output+0xe5\/0x1b0 net\/i\n---truncated---"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tunnels: annotate, los accesos sin bloqueo a los túneles IP dev->needed_headroom aparentemente pueden actualizar dev->needed_headroom en su ruta de transmisión. Este parche soluciona la transmisión de tres túneles y también los ayudantes principales LL_RESERVED_SPACE() y LL_RESERVED_SPACE_EXTRA(). Es posible que se requieran más cambios para completar la solución. ERROR: KCSAN: ejecución de datos en ip_tunnel_xmit \/ ip_tunnel_xmit leído a 0xffff88815b9da0ec de 2 bytes por la tarea 888 en la CPU 1: ip_tunnel_xmit+0x1270\/0x1730 net\/ipv4\/ip_tunnel.c:803 __gre_xmit net\/ipv4\/ip_gre.c:469 [inline] ipgre_xmit+0x516\/0x570 net\/ipv4\/ip_gre.c:661 __netdev_start_xmit include\/linux\/netdevice.h:4881 [inline] netdev_start_xmit include\/linux\/netdevice.h:4895 [inline] xmit_one net\/core\/dev.c:3580 [inline] dev_hard_start_xmit+0x127\/0x400 net\/core\/dev.c:3596 __dev_queue_xmit+0x1007\/0x1eb0 net\/core\/dev.c:4246 dev_queue_xmit include\/linux\/netdevice.h:3051 [inline] neigh_direct_output+0x17\/0x20 net\/core\/neighbour.c:1623 neigh_output include\/net\/neighbour.h:546 [inline] ip_finish_output2+0x740\/0x840 net\/ipv4\/ip_output.c:228 ip_finish_output+0xf4\/0x240 net\/ipv4\/ip_output.c:316 NF_HOOK_COND include\/linux\/netfilter.h:291 [inline] ip_output+0xe5\/0x1b0 net\/ipv4\/ip_output.c:430 dst_output include\/net\/dst.h:444 [inline] ip_local_out+0x64\/0x80 net\/ipv4\/ip_output.c:126 iptunnel_xmit+0x34a\/0x4b0 net\/ipv4\/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451\/0x1730 net\/ipv4\/ip_tunnel.c:813 __gre_xmit net\/ipv4\/ip_gre.c:469 [inline] ipgre_xmit+0x516\/0x570 net\/ipv4\/ip_gre.c:661 __netdev_start_xmit include\/linux\/netdevice.h:4881 [inline] netdev_start_xmit include\/linux\/netdevice.h:4895 [inline] xmit_one net\/core\/dev.c:3580 [inline] dev_hard_start_xmit+0x127\/0x400 net\/core\/dev.c:3596 __dev_queue_xmit+0x1007\/0x1eb0 net\/core\/dev.c:4246 dev_queue_xmit include\/linux\/netdevice.h:3051 [inline] neigh_direct_output+0x17\/0x20 net\/core\/neighbour.c:1623 neigh_output include\/net\/neighbour.h:546 [inline] ip_finish_output2+0x740\/0x840 net\/ipv4\/ip_output.c:228 ip_finish_output+0xf4\/0x240 net\/ipv4\/ip_output.c:316 NF_HOOK_COND include\/linux\/netfilter.h:291 [inline] ip_output+0xe5\/0x1b0 net\/ipv4\/ip_output.c:430 dst_output include\/net\/dst.h:444 [inline] ip_local_out+0x64\/0x80 net\/ipv4\/ip_output.c:126 iptunnel_xmit+0x34a\/0x4b0 net\/ipv4\/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451\/0x1730 net\/ipv4\/ip_tunnel.c:813 __gre_xmit net\/ipv4\/ip_gre.c:469 [inline] ipgre_xmit+0x516\/0x570 net\/ipv4\/ip_gre.c:661 __netdev_start_xmit include\/linux\/netdevice.h:4881 [inline] netdev_start_xmit include\/linux\/netdevice.h:4895 [inline] xmit_one net\/core\/dev.c:3580 [inline] dev_hard_start_xmit+0x127\/0x400 net\/core\/dev.c:3596 __dev_queue_xmit+0x1007\/0x1eb0 net\/core\/dev.c:4246 dev_queue_xmit include\/linux\/netdevice.h:3051 [inline] neigh_direct_output+0x17\/0x20 net\/core\/neighbour.c:1623 neigh_output include\/net\/neighbour.h:546 [inline] ip_finish_output2+0x740\/0x840 net\/ipv4\/ip_output.c:228 ip_finish_output+0xf4\/0x240 net\/ipv4\/ip_output.c:316 NF_HOOK_COND include\/linux\/netfilter.h:291 [inline] ip_output+0xe5\/0x1b0 net\/ipv4\/ip_output.c:430 dst_output include\/net\/dst.h:444 [inline] ip_local_out+0x64\/0x80 net\/ipv4\/ip_output.c:126 iptunnel_xmit+0x34a\/0x4b0 net\/ipv4\/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451\/0x1730 net\/ipv4\/ip_tunnel.c:813 __gre_xmit net\/ipv4\/ip_gre.c:469 [inline] ipgre_xmit+0x516\/0x570 net\/ipv4\/ip_gre.c:661 __netdev_start_xmit include\/linux\/netdevice.h:4881 [inline] netdev_start_xmit include\/linux\/netdevice.h:4895 [inline] xmit_one net\/core\/dev.c:3580 [inline] dev_hard_start_xmit+0x127\/0x400 net\/core\/dev.c:3596 __dev_queue_xmit+0x1007\/0x1eb0 net\/core\/dev.c:4246 dev_queue_xmit include\/linux\/netdevice.h:3051 [inline] neigh_direct_output+0x17\/0x20 net\/core\/neighbour.c:1623 neigh_output include\/net\/neighbour.h:546 [inline] ip_finish_output2+0x740\/0x840 net\/ipv4\/ip_output.c:228 ip_finish_output+0xf4\/0x240 net\/ipv4\/ip_output.c:316 NF_HOOK_COND include\/linux\/netfilter.h:291 [inline] ip_output+0xe5\/0x1b0 net\/i ---truncado---"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"4.14.311","matchCriteriaId":"E94D11DA-636D-4F8E-9193-6FF40584E1EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.279","matchCriteriaId":"8E21A6F0-EF6A-4BB1-BEC0-09275FA55481"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.238","matchCriteriaId":"5FF05A65-6B32-4A9C-905D-6E0F17C6803B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.176","matchCriteriaId":"7DA7FEF3-FE10-4D78-94E4-BDCDA7371DD5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.104","matchCriteriaId":"EB8A3D70-3EE1-4B1C-8A21-21CA7356DCA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.21","matchCriteriaId":"1F1CA6A9-8F4D-408D-9116-868EC067DCD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.2.8","matchCriteriaId":"4011EC6B-7786-4709-B765-186FA31D6F7F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*","matchCriteriaId":"B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*","matchCriteriaId":"A47F0FC3-CE52-4BA1-BA51-22F783938431"}]}]}],"references":[{"url":"https:\/\/git.kernel.org\/stable\/c\/4b397c06cb987935b1b097336532aa6b4210e091","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/51f3bd3765bc5ca4583af07a00833da00d2ace1d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/5aaab217c8f5387b9c5fff9e940d80f135e04366","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/8e206f66d824b3b28a7f9ee1366dfc79a937bb46","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/9b86a8702b042ee4e15d2d46375be873a6a8834f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/a69b72b57b7d269e833e520ba7500d556e8189b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/be59b87ee4aed81db7c10e44f603866a0ac3ca5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https:\/\/git.kernel.org\/stable\/c\/e0a557fc1daf5c1086e47150a4571aebadbb62be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}