VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54133

CVE-2023-54133

Description

In the Linux kernel, the following vulnerability has been resolved:

nfp: clean mc addresses in application firmware when closing port

When moving devices from one namespace to another, mc addresses are cleaned in software while not removed from application firmware. Thus the mc addresses are remained and will cause resource leak.

Now use __dev_mc_unsync to clean mc addresses when closing port.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Linux kernel vulnerability in the nfp driver nfp fails to remove multicast addresses from application firmware when closing a port, causing resource leak.

Root

Cause

The vulnerability resides in the Linux kernel's nfp (Netronome Flow Processor) driver. When a network port is closed, the driver cleans multicast (mc) addresses in software state but does not synchronize this removal with the application firmware. As a result, the firmware retains the multicast addresses, leading to a resource leak [1].

Exploitation

An attacker can trigger this issue by moving network devices between namespaces, which causes the port to be closed and reopened. No special privileges beyond the ability to manage network namespaces are required. The leak accumulates over repeated operations, exhausting firmware resources [1].

Impact

A local attacker can exhaust the application firmware's multicast address table, potentially causing denial of service for multicast traffic handling. The leak persists until the system is rebooted or the firmware is reset [1].

Mitigation

The fix, introduced in Linux kernel commit c427221733d49fd1e1b79b4a86746acf3ef660e7, uses __dev_mc_unsync to properly clean multicast addresses from firmware when closing a port. Users should apply the latest stable kernel updates to remediate this issue [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

2
c427221733d4
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
cc7eab25b1cf
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.