CVE-2023-53175
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-02
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.17 (inc) to 6.1.53 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.4.16 (exc) |
| linux | linux_kernel | From 6.5 (inc) to 6.5.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel when running a virtual machine (VM) on Hyper-V with an assigned PCI device. If the PCI device driver is not loaded yet (meaning MSI-X/MSI is not enabled), hibernating the VM causes a kernel panic due to a null pointer dereference in the function hv_pci_restore_msi_msg(). The panic happens because the code attempts to access MSI data that is still NULL. The fix involves checking whether MSI-X/MSI is enabled before accessing this data to avoid the crash.
How can this vulnerability impact me? :
This vulnerability can cause a Linux VM running on Hyper-V with an assigned PCI device to crash (kernel panic) during hibernation if the PCI device driver is not loaded. This can lead to system instability, unexpected downtime, and potential data loss if the VM crashes unexpectedly during hibernation.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the fix for the hv_pci_restore_msi_msg() crash during hibernation on Hyper-V is applied. Avoid hibernating VMs with assigned PCI devices that have not yet loaded their PCI device drivers or enabled MSI-X/MSI until the fix is in place.