CVE-2023-54031
Out-of-Bounds Read in Linux vdpa_nl_policy Due to Missing Attribute
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the vdpa_nl_policy structure, which is responsible for validating netlink attributes (nlattr) when parsing incoming netlink messages (nlmsg). The vulnerability arises because the vdpa_nl_policy was missing the queue index attribute, which could lead to an illegal nlattr pointer after parsing. This improper validation can cause an out-of-bounds (OOB) read, similar to the issue described in CVE-2023-3773. The patch fixes this by adding the missing nla_policy for the vdpa queue index attribute to prevent such bugs.
How can this vulnerability impact me? :
This vulnerability can lead to an out-of-bounds read in the Linux kernel when processing netlink messages related to vdpa. Such OOB reads can cause system instability, crashes, or potentially expose sensitive kernel memory, which may be exploited by attackers to gain unauthorized information or cause denial of service.