-

CVE-2023-53676

EPSS -
Published 07.10.2025 15:21:31
Last modified 07.10.2025 16:15:51
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()

The function lio_target_nacl_info_show() uses sprintf() in a loop to print
details for every iSCSI connection in a session without checking for the
buffer length. With enough iSCSI connections it's possible to overflow the
buffer provided by configfs and corrupt the memory.

This patch replaces sprintf() with sysfs_emit_at() that checks for buffer
boundries.

Affected products Warnungen 0 Metrics 0 CWE 0 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < df349e84c2cb0dd05d98c8e1189c26ab4b116083

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 114b44dddea1f8f99576de3c0e6e9059012002fc

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 5353df78c22623b42a71d51226d228a8413097e2

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 4738bf8b2d3635c2944b81b2a84d97b8c8b0978d

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 0cac6cbb9908309352a5d30c1876882771d3da50

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 801f287c93ff95582b0a2d2163f12870a2f076d4

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version <= 4.14.*

Version 4.14.326

Status unaffected

Version <= 4.19.*

Version 4.19.295

Status unaffected

Version <= 5.4.*

Version 5.4.257

Status unaffected

Version <= 5.10.*

Version 5.10.197

Status unaffected

Version <= 5.15.*

Version 5.15.133

Status unaffected

Version <= 6.1.*

Version 6.1.55

Status unaffected

Version <= 6.5.*

Version 6.5.5

Status unaffected

Version <= *

Version 6.6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/df349e84c2cb0dd05d98c8e1189c26ab4b116083

https://git.kernel.org/stable/c/114b44dddea1f8f99576de3c0e6e9059012002fc

https://git.kernel.org/stable/c/2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6

https://git.kernel.org/stable/c/bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a

https://git.kernel.org/stable/c/5353df78c22623b42a71d51226d228a8413097e2

https://git.kernel.org/stable/c/4738bf8b2d3635c2944b81b2a84d97b8c8b0978d

https://git.kernel.org/stable/c/0cac6cbb9908309352a5d30c1876882771d3da50

https://git.kernel.org/stable/c/801f287c93ff95582b0a2d2163f12870a2f076d4

https://nvd.nist.gov/vuln/detail/CVE-2023-53676

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53676

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53676

EUVD