CVE-2023-53652
- Published 07.10.2025 15:19:48
- Last modified 07.10.2025 16:15:48
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

vdpa: Add features attr to vdpa_nl_policy for nlattr length check

The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointer in info->attrs before entering into each handler in vdpa_nl_ops.

That is to say, the missing part in vdpa_nl_policy may lead to illegal nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.

This patch adds the missing nla_policy for vdpa features attr to avoid such bugs.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default Status: unaffected

Version | Version < | Status |
---|---|---|
90fea5a800c3dd80fb8ad9a02929bcef5fde42b8 | 44b508cc96889e61799cc0fc6c00766a54f3ab5a | affected |
90fea5a800c3dd80fb8ad9a02929bcef5fde42b8 | 645d17e06c502e71b880b2b854930e5a64014640 | affected |
90fea5a800c3dd80fb8ad9a02929bcef5fde42b8 | 79c8651587504ba263d2fd67fd4406240fb21f69 | affected |

Vendor: Linux
Product: Linux
Default Status: affected

Version | Bound | Status |
---|---|---|
6.1 | | affected |
0 | < 6.1 | unaffected |
6.1.47 | <= 6.1.* | unaffected |
6.4.12 | <= 6.4.* | unaffected |
6.5 | <= * | unaffected |

No CISA KEV or CERT.AT warning was found for this CVE.
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|