CVE-2023-53340
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-12-11
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.18 (inc) to 6.1.31 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.3.5 (exc) |
| linux | linux_kernel | 6.4 |
| linux | linux_kernel | 6.4 |
| linux | linux_kernel | 6.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's mlx5 driver where it tries to collect failure data for commands issued by DEVX. DEVX can issue a general command not used by the mlx5 driver. When such a command fails, mlx5 attempts to collect failure data but does not allocate storage for this unknown command, leading to an array-index-out-of-bounds error. The fix involves checking if the command is known before collecting failure data.
How can this vulnerability impact me? :
The vulnerability can cause an array-index-out-of-bounds error in the mlx5 driver of the Linux kernel, which may lead to system instability, crashes, or potential denial of service. This could affect systems using the mlx5 driver when handling certain DEVX commands.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed version of the Linux kernel where the mlx5 driver has been corrected to check for known commands before collecting failure data, preventing the array-index-out-of-bounds error.