-

CVE-2023-53372

EPSS 0.03%
Veröffentlicht 18.09.2025 13:33:19
Zuletzt bearbeitet 19.09.2025 16:00:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

sctp: fix a potential overflow in sctp_ifwdtsn_skip

Currently, when traversing ifwdtsn skips with _sctp_walk_ifwdtsn, it only
checks the pos against the end of the chunk. However, the data left for
the last pos may be < sizeof(struct sctp_ifwdtsn_skip), and dereference
it as struct sctp_ifwdtsn_skip may cause coverflow.

This patch fixes it by checking the pos against "the end of the chunk -
sizeof(struct sctp_ifwdtsn_skip)" in sctp_ifwdtsn_skip, similar to
sctp_fwdtsn_skip.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 4fbd094d4131a10d06a45d64158567052a35b3f4

Version 0fc2ea922c8ad5520c80f03facbf396c81dce802

Status affected

Version < ad831a7079c99c01e801764b53bc9997c2e9c0f7

Version 0fc2ea922c8ad5520c80f03facbf396c81dce802

Status affected

Version < 79b28f42214a3d0d6a8c514db3602260bd5d6cb5

Version 0fc2ea922c8ad5520c80f03facbf396c81dce802

Status affected

Version < 6109f5b13ce3e3e537db6f18976ec0e9118d1c6f

Version 0fc2ea922c8ad5520c80f03facbf396c81dce802

Status affected

Version < 5c9367ac5a22d71841bcd00130f9146c9b227d57

Version 0fc2ea922c8ad5520c80f03facbf396c81dce802

Status affected

Version < ad988e9b5ff04607e624a459209e8c2d0c15fc73

Version 0fc2ea922c8ad5520c80f03facbf396c81dce802

Status affected

Version < 32832a2caf82663870126c5186cf8f86c8b2a649

Version 0fc2ea922c8ad5520c80f03facbf396c81dce802

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.16

Status affected

Version < 4.16

Version 0

Status unaffected

Version <= 4.19.*

Version 4.19.281

Status unaffected

Version <= 5.4.*

Version 5.4.241

Status unaffected

Version <= 5.10.*

Version 5.10.178

Status unaffected

Version <= 5.15.*

Version 5.15.108

Status unaffected

Version <= 6.1.*

Version 6.1.25

Status unaffected

Version <= 6.2.*

Version 6.2.12

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/4fbd094d4131a10d06a45d64158567052a35b3f4

https://git.kernel.org/stable/c/ad831a7079c99c01e801764b53bc9997c2e9c0f7

https://git.kernel.org/stable/c/79b28f42214a3d0d6a8c514db3602260bd5d6cb5

https://git.kernel.org/stable/c/6109f5b13ce3e3e537db6f18976ec0e9118d1c6f

https://git.kernel.org/stable/c/5c9367ac5a22d71841bcd00130f9146c9b227d57

https://git.kernel.org/stable/c/ad988e9b5ff04607e624a459209e8c2d0c15fc73

https://git.kernel.org/stable/c/32832a2caf82663870126c5186cf8f86c8b2a649

https://nvd.nist.gov/vuln/detail/CVE-2023-53372

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53372

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53372

EUVD