CVE-2023-53184Out-of-bounds Write in Linux

CWE-787Out-of-bounds WriteCWE-131Incorrect Calculation of Buffer Size5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Set new vector length before reallocating As part of fixing the allocation of the buffer for SVE state when changing SME vector length we introduced an immediate reallocation of the SVE state, this is also done when changing the SVE vector length for consistency. Unfortunately this reallocation is done prior to writing the new vector length to the task struct, meaning the allocation is done with the old vector lengt

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

Debianlinux/linux_kernel< 6.1.52-1+2
NVDlinux/linux_kernel6.1.42, 6.4.7, 6.5+2
CVEListV5linux/linuxaa5cf8bd1318b6e7d500668b318c07a71cde783b356e711640aea6ed145da9407499388b45264cb4+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2023-53184: In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Set new vector length before reallocating As part of fixing the allocat2025-09-15
GHSA
GHSA-hx38-rpx2-8wv8: In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Set new vector length before reallocating As part of fixing the alloc2025-09-15

📋Vendor Advisories

2
Red Hat
kernel: arm64/sme: Set new vector length before reallocating2025-09-15
Debian
CVE-2023-53184: linux - In the Linux kernel, the following vulnerability has been resolved: arm64/sme: ...2023
CVE-2023-53184 — Out-of-bounds Write in Linux | cvebase