CVE-2023-53165
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-11-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: udf: Fix uninitialized array access for some pathnames For filenames that begin with . and are between 2 and 5 characters long, UDF charset conversion code would read uninitialized memory in the output buffer. The only practical impact is that the name may be prepended a "unification hash" when it is not actually needed but still it is good to fix this.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-11-24
Generated
2026-06-16
AI Q&A
2025-09-15
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53165
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's UDF filesystem code. It involves uninitialized array access when handling certain filenames that start with a dot (.) and are between 2 and 5 characters long. Specifically, the UDF charset conversion code reads uninitialized memory in the output buffer, which can cause the filename to be incorrectly modified by prepending a "unification hash" even when it is not needed. The issue has been fixed.

Impact Analysis

The practical impact of this vulnerability is limited to the possibility that filenames may be incorrectly modified by having a "unification hash" prepended when it is not actually needed. There is no indication of further security impact such as data corruption, privilege escalation, or information disclosure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53165. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart