CVE-2023-53652
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-02-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | From 6.2 (inc) to 6.4.12 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's vdpa component. The vdpa_nl_policy structure, which validates netlink attributes (nlattr) when parsing incoming netlink messages, was missing a policy for the 'features' attribute. This omission could lead to an invalid nlattr pointer after parsing, potentially causing an out-of-bounds (OOB) read similar to CVE-2023-3773. The vulnerability was fixed by adding the missing nla_policy for the vdpa features attribute to ensure proper validation and prevent such bugs.
How can this vulnerability impact me? :
This vulnerability could allow an attacker to cause an out-of-bounds read in the Linux kernel's vdpa component by exploiting the missing validation of the 'features' attribute in netlink messages. Such an OOB read may lead to information disclosure, system instability, or crashes, potentially compromising system security and reliability.