{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T05:47:17.203","vulnerabilities":[{"cve":{"id":"CVE-2023-53999","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-24T11:15:52.810","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: TC, Fix internal port memory leak\n\nThe flow rule can be split, and the extra post_act rules are added\nto post_act table. It's possible to trigger memleak when the rule\nforwards packets from internal port and over tunnel, in the case that,\nfor example, CT 'new' state offload is allowed. As int_port object is\nassigned to the flow attribute of post_act rule, and its refcnt is\nincremented by mlx5e_tc_int_port_get(), but mlx5e_tc_int_port_put() is\nnot called, the refcnt is never decremented, then int_port is never\nfreed.\n\nThe kmemleak reports the following error:\nunreferenced object 0xffff888128204b80 (size 64):\n  comm \"handler20\", pid 50121, jiffies 4296973009 (age 642.932s)\n  hex dump (first 32 bytes):\n    01 00 00 00 19 00 00 00 03 f0 00 00 04 00 00 00  ................\n    98 77 67 41 81 88 ff ff 98 77 67 41 81 88 ff ff  .wgA.....wgA....\n  backtrace:\n    [<00000000e992680d>] kmalloc_trace+0x27/0x120\n    [<000000009e945a98>] mlx5e_tc_int_port_get+0x3f3/0xe20 [mlx5_core]\n    [<0000000035a537f0>] mlx5e_tc_add_fdb_flow+0x473/0xcf0 [mlx5_core]\n    [<0000000070c2cec6>] __mlx5e_add_fdb_flow+0x7cf/0xe90 [mlx5_core]\n    [<000000005cc84048>] mlx5e_configure_flower+0xd40/0x4c40 [mlx5_core]\n    [<000000004f8a2031>] mlx5e_rep_indr_offload.isra.0+0x10e/0x1c0 [mlx5_core]\n    [<000000007df797dc>] mlx5e_rep_indr_setup_tc_cb+0x90/0x130 [mlx5_core]\n    [<0000000016c15cc3>] tc_setup_cb_add+0x1cf/0x410\n    [<00000000a63305b4>] fl_hw_replace_filter+0x38f/0x670 [cls_flower]\n    [<000000008bc9e77c>] fl_change+0x1fd5/0x4430 [cls_flower]\n    [<00000000e7f766e4>] tc_new_tfilter+0x867/0x2010\n    [<00000000e101c0ef>] rtnetlink_rcv_msg+0x6fc/0x9f0\n    [<00000000e1111d44>] netlink_rcv_skb+0x12c/0x360\n    [<0000000082dd6c8b>] netlink_unicast+0x438/0x710\n    [<00000000fc568f70>] netlink_sendmsg+0x794/0xc50\n    [<0000000016e92590>] sock_sendmsg+0xc5/0x190\n\nSo fix this by moving int_port cleanup code to the flow attribute\nfree helper, which is used by all the attribute free cases."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/ac5da544a3c2047cbfd715acd9cec8380d7fe5c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bc1918bac0f30e3f551ef5649b53062917db55fa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}