CVE-2023-53494

EPSS 0.02%
Veröffentlicht 01.10.2025 12:15:52
Zuletzt bearbeitet 16.01.2026 20:45:58
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

crypto: xts - Handle EBUSY correctly

As it is xts only handles the special return value of EINPROGRESS,
which means that in all other cases it will free data related to the
request.

However, as the caller of xts may specify MAY_BACKLOG, we also need
to expect EBUSY and treat it in the same way.  Otherwise backlogged
requests will trigger a use-after-free.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.4 < 5.10.173

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.99

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.16

Linux ≫ Linux Kernel Version >= 6.2 < 6.2.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/51c082514c2dedf2711c99d93c196cc4eedceb40

Patch

https://git.kernel.org/stable/c/57c3e1d63b63dc0841d41df729297cd7c1c35808

Patch

https://git.kernel.org/stable/c/912eb10b65646ffd222256c78a1c566a3dac177d

Patch

https://git.kernel.org/stable/c/92a07ba4f0af2cccdc2aa5ee32679c9c9714db90

Patch

https://git.kernel.org/stable/c/d5870848879291700fe6c5257dcb48aadd10425c

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-53494

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53494

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53494

EUVD