CVE-2023-53464
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-10-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()") introduced this change which may lead to inconsistent values of tcp_sw_conn->sendpage and conn->datadgst_en. Fix the issue by moving the position of the assignment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-10-02
Generated
2026-06-16
AI Q&A
2025-10-01
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53464
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's iscsi_tcp component involves not properly checking if a socket (sock) is valid before assigning it in the iscsi_set_param() function. This can lead to incorrect or inconsistent values in certain TCP connection parameters, potentially causing null pointer dereferences or other unexpected behavior.

Impact Analysis

The vulnerability may cause inconsistent or incorrect TCP connection states within the iscsi_tcp driver, which could lead to system instability, crashes, or unexpected behavior in systems using iSCSI over TCP. This could affect data transmission reliability or system availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53464. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart