CVE-2023-53397
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-12-12
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.1 (inc) to 4.14.322 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 5.4.251 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.188 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.121 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.39 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.3.13 (exc) |
| linux | linux_kernel | From 6.4 (inc) to 6.4.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-193 | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an off-by-one error in the Linux kernel function is_executable_section(). The comparison operator used was '>' when it should have been '>=' to prevent out of bounds array access. This means the code could access memory outside the intended array bounds, potentially leading to unexpected behavior or security issues.
How can this vulnerability impact me? :
The vulnerability could lead to out of bounds array access in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to exploit the kernel for privilege escalation or other malicious actions.