CVE-2023-53259: Out-of-bounds Read in Linux

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 95.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 15

Description

In the Linux kernel, the following vulnerability has been resolved:

VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF

The call to get_user_pages_fast() in vmci_host_setup_notify() can return NULL context->notify_page causing a GPF. To avoid GPF check if context->notify_page == NULL and return error if so.

general protection fault, probably for non-canonical address 0xe0009d1000000060: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (3 packages)

NVD: linux/linux_kernel, 4.0, 5.4.296, +4
Debian: linux/linux_kernel, < 5.10.244-1, +3
CVEListV5: linux/linux, a1d88436d53a75e950db15834b3d2f8c0c358fdc, b4239bfb260d1e6837766c41a0b241d7670f1402, +6

Also affects: Debian Linux 11.0

Vulnerability Details (3)

CVEList: VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (2025-09-15)
GHSA: GHSA-jg4p-q5hx-rqgr: In the Linux kernel, the following vulnerability has been resolved: VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (2025-09-15)
OSV: CVE-2023-53259: In the Linux kernel, the following vulnerability has been resolved: VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (2025-09-15)

Vendor Advisories (2)

Red Hat: kernel: Linux kernel VMCI: Denial of Service via GPF (2025-09-15)
Debian: CVE-2023-53259: linux - In the Linux kernel, the following vulnerability has been resolved: VMCI: check... (2023)