CVE-2023-53331 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write CWE-129 — Improper Validation of Array Index5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 96.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 16

Description

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as valid"), initialization would assume a prz was valid after seeing that the buffer_size is zero (regardless of the buffer start position). This unchecked start value means it could be outside the bounds of the buffer, leading to future access panics when written to: sysdump_panic_event+0x3b4/0x5b8 atomic_noti…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel3.18.133 — 3.19+10

▶Debianlinux/linux_kernel< 5.10.197-1+3

▶CVEListV5linux/linuxe1e3a46706bd4037e8b7407dc660ae6e05b8ac56 — 89312657337e6e03ad6e9ea1a462bd9c158c85c8+13

▶debiandebian/linux< linux 6.1.55-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-v4w9-9vv8-m7qj: In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("ps↗2025-09-16

▶

OSV

CVE-2023-53331: In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("psto↗2025-09-16

▶

📋Vendor Advisories

Red Hat

kernel: pstore/ram: Check start of empty przs during init↗2025-09-16

▶

Debian

CVE-2023-53331: linux - In the Linux kernel, the following vulnerability has been resolved: pstore/ram:...↗2023

▶