CVE-2023-53335
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-12-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() If get_ep_from_tid() fails to lookup non-NULL value for ep, ep is dereferenced later regardless of whether it is empty. This patch adds a simple sanity check to fix the issue. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-12-11
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53335
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.7 (inc) to 5.15.99 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.16 (exc)
linux linux_kernel From 6.2 (inc) to 6.2.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a potential null pointer dereference in the Linux kernel's RDMA cxgb4 driver. Specifically, if the function get_ep_from_tid() fails to find a non-NULL endpoint (ep), the code later dereferences ep without checking if it is NULL, which can lead to a crash or undefined behavior. The issue was fixed by adding a sanity check to ensure ep is not NULL before dereferencing.

Impact Analysis

This vulnerability can cause the Linux kernel to crash or behave unpredictably due to a null pointer dereference in the RDMA cxgb4 driver. This could lead to denial of service or system instability on affected systems using this driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53335. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart