CVE-2023-53331
BaseFortify

Publication date: 2025-09-16

Last updated on: 2025-12-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

pstore/ram: Check start of empty przs during init

After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as valid"), initialization would assume a prz was valid after seeing that the buffer_size is zero (regardless of the buffer start position). This unchecked start value means it could be outside the bounds of the buffer, leading to future access panics when written to:

    sysdump_panic_event+0x3b4/0x5b8
    atomic_notifier_call_chain+0x54/0x90
    panic+0x1c8/0x42c
    die+0x29c/0x2a8
    die_kernel_fault+0x68/0x78
    __do_kernel_fault+0x1c4/0x1e0
    do_bad_area+0x40/0x100
    do_translation_fault+0x68/0x80
    do_mem_abort+0x68/0xf8
    el1_da+0x1c/0xc0
    __raw_writeb+0x38/0x174
    __memcpy_toio+0x40/0xac
    persistent_ram_update+0x44/0x12c
    persistent_ram_write+0x1a8/0x1b8
    ramoops_pstore_write+0x198/0x1e8
    pstore_console_write+0x94/0xe0
    ...

To avoid this, also check if the prz start is 0 during the initialization phase. If not, the next prz sanity check case will discover it (start > size) and zap the buffer back to a sane state.

[kees: update commit log with backtrace and clarifications]
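The init-time check described above, modelled in user-space C as an added example. This is not the kernel source or the code of the fix commit; the struct, the function names and the sample header values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a prz header recovered at boot; names are illustrative. */
struct prz_model {
    uint32_t start;    /* write offset read back from persistent RAM */
    uint32_t size;     /* amount of valid data read back from persistent RAM */
    size_t capacity;   /* usable bytes in the data area */
};

static void prz_zap(struct prz_model *p) { p->start = 0; p->size = 0; }

/* Pre-fix behaviour per the description: size == 0 alone means "valid".
 * Both init functions return true when the header had to be zapped. */
bool prz_init_unfixed(struct prz_model *p)
{
    if (p->size == 0)
        return false;              /* accepted, start is never looked at */
    if (p->size > p->capacity || p->start > p->size) {
        prz_zap(p);
        return true;
    }
    return false;
}

/* Fixed: empty also requires start == 0, else the next case (start > size) zaps. */
bool prz_init_fixed(struct prz_model *p)
{
    if (p->size == 0 && p->start == 0)
        return false;              /* genuinely empty zone, keep as is */
    if (p->size > p->capacity || p->start > p->size) {
        prz_zap(p);
        return true;               /* invalid header reset to a sane state */
    }
    return false;                  /* existing contents look sane */
}

/* A later write goes to data[start]; true when that offset is inside the zone. */
bool prz_start_in_bounds(const struct prz_model *p) { return p->start < p->capacity; }

int main(void)
{
    struct prz_model a = { 0x1000, 0, 0x400 }, b = a;  /* constructed stale header */
    bool za = prz_init_unfixed(&a), zb = prz_init_fixed(&b);
    printf("unfixed: zapped=%d start_ok=%d\n", za, prz_start_in_bounds(&a));
    printf("fixed:   zapped=%d start_ok=%d\n", zb, prz_start_in_bounds(&b));
    return 0;
}
```

With the constructed header (size 0, start 0x1000, capacity 0x400), the unfixed check leaves an out-of-bounds start in place for the next write, while the fixed check resets it to 0.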
Meta Information
Published: 2025-09-16
Last Modified: 2025-12-10
Generated: 2026-05-07
AI Q&A: 2025-09-16
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 11 associated CPEs
Vendor  Product       Version / Range
linux   linux_kernel  From 3.18.133 (inc) to 3.19 (exc)
linux   linux_kernel  From 4.4.172 (inc) to 4.5 (exc)
linux   linux_kernel  From 4.9.153 (inc) to 4.10 (exc)
linux   linux_kernel  From 4.14.96 (inc) to 4.14.326 (exc)
linux   linux_kernel  From 4.19.18 (inc) to 4.19.295 (exc)
linux   linux_kernel  From 4.20.5 (inc) to 5.4.257 (exc)
linux   linux_kernel  From 5.5 (inc) to 5.10.195 (exc)
linux   linux_kernel  From 5.11 (inc) to 5.15.132 (exc)
linux   linux_kernel  From 5.16 (inc) to 6.1.53 (exc)
linux   linux_kernel  From 6.2 (inc) to 6.4.16 (exc)
linux   linux_kernel  From 6.5 (inc) to 6.5.3 (exc)
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's pstore/ram component. After a certain commit, the initialization process incorrectly assumed that a persistent RAM zone (prz) was valid if its buffer size was zero, without properly checking the start position of the buffer. This unchecked start value could be outside the buffer bounds, which may lead to kernel panics when the system tries to write to this invalid memory area. The fix involves adding a check for the start position during initialization to ensure it is valid and resetting the buffer if it is not.


How can this vulnerability impact me?

This vulnerability can cause the Linux kernel to panic due to invalid memory access when writing to an improperly initialized persistent RAM buffer. Such kernel panics can lead to system crashes, instability, and potential data loss or downtime.

