CVE-2023-53684
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-02-26
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.3 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves improper handling of padding data when copying xfrm algorithms and encapsulation templates to user-space. Specifically, padding bytes in data structures were not zeroed out and could contain random, potentially sensitive data. This could lead to unintended exposure of sensitive kernel memory to user-space applications. The fix ensures that padding is zeroed before copying to user-space.
How can this vulnerability impact me?
The vulnerability could lead to leakage of sensitive or random kernel memory data to user-space applications, potentially exposing confidential information or increasing the risk of information disclosure attacks.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to a Linux kernel version that includes the fix for this vulnerability, which ensures zero padding when dumping xfrm algorithms and encap templates to prevent leaking sensitive data to user-space.
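The leak class and the zero-before-copy fix described above, as an added user-space example that is not the kernel's own code: `struct demo_algo`, the function names and the 0xAA fill (a constructed stand-in for leftover memory) are hypothetical. It goes slightly beyond compiler padding by also covering the unwritten tail of a fixed-size string field, which leaks the same way.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record: a fixed-size name field plus compiler-inserted
 * padding (3 bytes after 'flags' on common ABIs). */
struct demo_algo {
    char     name[16];
    uint8_t  flags;
    uint32_t key_len;
};
#define STALE 0xAA  /* constructed stand-in for leftover memory contents */

/* Before: fields set one by one; name tail and padding keep old bytes. */
static void fill_unsafe(struct demo_algo *a, const char *name, uint32_t klen)
{
    strcpy(a->name, name);          /* writes only strlen(name) + 1 bytes */
    a->flags = 1;
    a->key_len = klen;
}

/* After: zero the whole object first, then set the fields. */
static void fill_zeroed(struct demo_algo *a, const char *name, uint32_t klen)
{
    memset(a, 0, sizeof(*a));
    strncpy(a->name, name, sizeof(a->name) - 1);
    a->flags = 1;
    a->key_len = klen;
}

/* Build a record on top of STALE bytes, copy it out byte for byte (as a
 * copy to user space would), and count the stale bytes that escaped. */
static size_t leaked_bytes(void (*fill)(struct demo_algo *, const char *, uint32_t))
{
    struct demo_algo a;
    unsigned char out[sizeof(a)];
    size_t i, n = 0;
    memset(&a, STALE, sizeof(a));
    fill(&a, "aes", 128);
    memcpy(out, &a, sizeof(a));
    for (i = 0; i < sizeof(out); i++) n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("unsafe=%zu zeroed=%zu\n", leaked_bytes(fill_unsafe), leaked_bytes(fill_zeroed));
    return 0;
}
```

On a typical 64-bit build the unsafe path reports 15 stale bytes (12 from the name tail, 3 from padding); the exact padding count depends on the ABI.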