-

CVE-2023-53259

EPSS 0.05%
Veröffentlicht 15.09.2025 14:46:30
Zuletzt bearbeitet 03.11.2025 18:15:41
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF

The call to get_user_pages_fast() in vmci_host_setup_notify() can return
NULL context->notify_page causing a GPF. To avoid GPF check if
context->notify_page == NULL and return error if so.

general protection fault, probably for non-canonical address
    0xe0009d1000000060: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0x0005088000000300-
    0x0005088000000307]
CPU: 2 PID: 26180 Comm: repro_34802241 Not tainted 6.1.0-rc4 #1
Hardware name: Red Hat KVM, BIOS 1.15.0-2.module+el8.6.0 04/01/2014
RIP: 0010:vmci_ctx_check_signal_notify+0x91/0xe0
Call Trace:
 <TASK>
 vmci_host_unlocked_ioctl+0x362/0x1f40
 __x64_sys_ioctl+0x1a1/0x230
 do_syscall_64+0x3a/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < b4239bfb260d1e6837766c41a0b241d7670f1402

Version a1d88436d53a75e950db15834b3d2f8c0c358fdc

Status affected

Version < d4198f67e7556b1507f14f60d81a72660e5560e4

Version a1d88436d53a75e950db15834b3d2f8c0c358fdc

Status affected

Version < a3c89e8c69a58f62451c0a75b77fcab25979b897

Version a1d88436d53a75e950db15834b3d2f8c0c358fdc

Status affected

Version < 055891397f530f9b1b22be38d7eca8b08382941f

Version a1d88436d53a75e950db15834b3d2f8c0c358fdc

Status affected

Version < 91b8e4f61f8f4594ee65368c8d89e6fdc29d3fb1

Version a1d88436d53a75e950db15834b3d2f8c0c358fdc

Status affected

Version < 1a726cb47fd204109c767409fa9ca15a96328f14

Version a1d88436d53a75e950db15834b3d2f8c0c358fdc

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.0

Status affected

Version < 4.0

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.296

Status unaffected

Version <= 5.10.*

Version 5.10.240

Status unaffected

Version <= 5.15.*

Version 5.15.99

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.165

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/b4239bfb260d1e6837766c41a0b241d7670f1402

https://git.kernel.org/stable/c/d4198f67e7556b1507f14f60d81a72660e5560e4

https://git.kernel.org/stable/c/a3c89e8c69a58f62451c0a75b77fcab25979b897

https://git.kernel.org/stable/c/055891397f530f9b1b22be38d7eca8b08382941f

https://git.kernel.org/stable/c/91b8e4f61f8f4594ee65368c8d89e6fdc29d3fb1

https://git.kernel.org/stable/c/1a726cb47fd204109c767409fa9ca15a96328f14

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

https://nvd.nist.gov/vuln/detail/CVE-2023-53259

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53259

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53259

EUVD