CVE-2023-53996
Incorrect Encryption Status Handling in Linux Kernel SEV Causes Data Corruption
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's x86/sev component where the function enc_dec_hypercall() incorrectly accepted a page count (npages) instead of a size. This caused callers to round up sizes, leading to non-page aligned virtual addresses (vaddrs) causing pages to be incorrectly marked as decrypted. This incorrect marking caused consistent corruption of pages during live migration, which relies on accurate encryption status to migrate pages correctly.
How can this vulnerability impact me? :
The vulnerability can cause consistent corruption of memory pages during live migration of virtual machines. This means that if you use live migration in environments relying on this Linux kernel component, your migrated virtual machines could experience data corruption or instability due to incorrect encryption status handling.