CVE-2023-53273
BaseFortify
Publication date: 2025-09-16
Last updated on: 2025-12-03
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.8 (inc) to 5.10.178 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.107 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.24 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.2.11 (exc) |
| linux | linux_kernel | 6.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's vmbus driver. The function relid2channel() assumes that the vmbus channel array is allocated when it is called. However, in certain scenarios such as during kdump/kexec, not all relids are reset by the host. If the second kernel boots and the guest receives a vmbus interrupt during the vmbus driver initialization before vmbus_connect() is called or finishes, the interrupt service routine calls relid2channel(), which can cause a null pointer dereference due to the unallocated channel array. The fix involves checking for channel allocation before looking up relids and printing a warning and erroring out for invalid channel IDs in the second kernel.
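The lookup pattern described above, as an added user-space example that is not the kernel's code: it contrasts a lookup that trusts the channel array with one that checks allocation and the ID range first. Only relid2channel() is a name from this page; the structs, the `_unchecked`/`_checked` suffixes, `model_connect()` and the array bound are assumptions made for the model.

```c
/* User-space model; only relid2channel() is a name from the page, the rest is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_CHANNEL_RELIDS 2048                    /* constructed bound for the model */
struct channel { unsigned int relid; };
struct connection { struct channel **channels; };  /* NULL until connect allocates it */

/* Pre-fix shape: assumes the array exists whenever an interrupt arrives. */
struct channel *relid2channel_unchecked(struct connection *conn, unsigned int relid)
{
    return conn->channels[relid];   /* NULL dereference if called before connect */
}

/* Post-fix shape: check allocation, then warn and bail out on an invalid ID. */
struct channel *relid2channel_checked(struct connection *conn, unsigned int relid)
{
    if (conn->channels == NULL) {
        fprintf(stderr, "warn: channel array not allocated, relid %u ignored\n", relid);
        return NULL;
    }
    if (relid >= MAX_CHANNEL_RELIDS) {
        fprintf(stderr, "warn: invalid channel id %u\n", relid);
        return NULL;
    }
    return conn->channels[relid];
}

/* Models the connect step: allocates the array and registers one channel. */
int model_connect(struct connection *conn, struct channel *ch)
{
    if (ch->relid < MAX_CHANNEL_RELIDS)
        conn->channels = calloc(MAX_CHANNEL_RELIDS, sizeof(*conn->channels));
    if (conn->channels == NULL)
        return -1;
    conn->channels[ch->relid] = ch;
    return 0;
}

int main(void)
{
    struct connection conn = { 0 };
    struct channel ch = { .relid = 7 };   /* constructed sample relid */
    /* Stale interrupt before connect: the checked lookup returns NULL, no crash. */
    printf("early lookup: %p\n", (void *)relid2channel_checked(&conn, 7));
    if (model_connect(&conn, &ch) == 0)
        printf("late lookup:  %p\n", (void *)relid2channel_checked(&conn, 7));
    free(conn.channels);
    return 0;
}
```

The caller has to treat a NULL return as "no channel for this interrupt" and skip it, otherwise the dereference simply moves one frame up.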
How can this vulnerability impact me?
This vulnerability can cause a null pointer dereference in the Linux kernel's vmbus driver during certain boot scenarios, which may lead to a kernel crash or system instability when the second kernel boots and receives a vmbus interrupt prematurely. This can impact system reliability and availability.