CVE-2023-53373: Use After Free in Linux

CWE-416: Use After Free (5 documents, 5 sources)
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 95.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 18

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: seqiv - Handle EBUSY correctly

As it is seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request.

However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: linux/linux_kernel, 2.6.25, 4.14.308, +6
Debian: linux/linux_kernel, < 5.10.178-1, +3
CVEListV5: linux/linux, 0a270321dbf948963aeb0e8382fe17d2c2eb3771, cc4d0d4251748a8a68026938f4055d2ac47c5719, +8
debian: debian/linux, < linux 6.1.20-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

OSV (2025-09-18)
CVE-2023-53373: In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special ret

GHSA (2025-09-18)
GHSA-gxr7-4mfg-37c7: In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special r

📋 Vendor Advisories (2)

Red Hat (2025-09-18)
kernel: crypto: seqiv - Handle EBUSY correctly

Debian (2023)
CVE-2023-53373: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: seq...