CVE-2023-53543
BaseFortify
Publication date: 2025-10-04
Last updated on: 2026-03-21
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | From 6.2 (inc) to 6.4.12 (exc) |
| linux | linux_kernel | From 5.15.198 (inc) to 6.1.47 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's vdpa component. It involves a missing attribute policy in the vdpa_nl_policy structure, which is used to validate netlink attributes (nlattr) when parsing incoming netlink messages. Without this policy, the parsing can produce an invalid nlattr pointer, potentially leading to an out-of-bounds (OOB) read similar to a previous vulnerability (CVE-2023-3773). The patch adds the missing policy to prevent such invalid parsing and OOB reads.
How can this vulnerability impact me? :
This vulnerability can lead to an out-of-bounds read in the Linux kernel when handling vdpa netlink messages. Such an OOB read could cause system instability, crashes, or potentially allow an attacker to read sensitive kernel memory, which may compromise system security.