CVE-2023-53508
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-02
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ublk subsystem. Specifically, in the function ublk_ctrl_start_dev(), if the wait_for_completion_interruptible() call is interrupted by a signal, the device queues are not set up properly. If the UBLK_CMD_START_DEV command is not failed in this case, it can lead to a kernel oops (a kernel crash). The fix ensures that the device start fails if the queue setup is interrupted, preventing the kernel from crashing.
How can this vulnerability impact me? :
If this vulnerability is triggered, it can cause the Linux kernel to crash (kernel oops), potentially leading to system instability or downtime. This can affect systems using the ublk device subsystem, especially when signals interrupt the device start process, causing failure in device initialization and possible disruption of services relying on this functionality.