CVE-2023-53393Out-of-bounds Write in Linux

CWE-787Out-of-bounds Write5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0), there is a special handling in order to use the correct counters, but, port_num is being passed down the stack without any change. Also, some functions assume that port_num >=1. As a result, the following oops can occur. BUG: unable to handle page fault for address: ffff89510294f1a8 #PF: superviso

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel4.165.15.87+3
Debianlinux/linux_kernel< 6.1.7-1+2
CVEListV5linux/linuxaac4492ef23a176b6f1a41aadb99177eceb1fc068d89870d63758363b07ace5c2df82d6bf865f78b+4
debiandebian/linux< linux 6.1.7-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2023-53393: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib_g2025-09-18
GHSA
GHSA-2633-6xpw-2gqx: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib2025-09-18

📋Vendor Advisories

2
Red Hat
kernel: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device2025-09-18
Debian
CVE-2023-53393: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: ...2023
CVE-2023-53393 — Out-of-bounds Write in Linux | cvebase