CVE-2023-53218: Missing Release of Resource after Effective Lifetime in Linux

Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 95.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 15

Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Make it so that a waiting process can be aborted

When sendmsg() creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA packet content includes a summary of the connection parameters.

However, sendmsg() may get interrupted before a connection gets assigned and further sendmsg() calls will fail with EBUSY until an as

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (7 packages)

NVD | linux/linux_kernel | 4.11 – 6.2.16 | +1
Debian | linux/linux_kernel | < 6.3.7-1 | +1
CVEListV5 | linux/linux | 540b1c48c37ac0ad66212004db21e1ff7e2d78be – 7161cf61c64e9e9413d790f2fa2b9dada71a2249 | +3
debian | debian/linux | < linux 6.3.7-1 (forky)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-749j-m4j7-mhr2: In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg() creates a (2025-09-15)
OSV
CVE-2023-53218: In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg() creates an (2025-09-15)

📋 Vendor Advisories (3)

Red Hat
kernel: rxrpc: Make it so that a waiting process can be aborted (2025-09-15)
Microsoft
rxrpc: Make it so that a waiting process can be aborted (2025-09-09)
Debian
CVE-2023-53218: linux - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make... (2023)