CVE-2023-53431 — Improper Validation of Specified Index, Position, or Offset in Input in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 18
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: ses: Handle enclosure with just a primary component gracefully
This reverts commit 3fe97ff3d949 ("scsi: ses: Don't attach if enclosure
has no components") and introduces proper handling of case where there are
no detected secondary components, but primary component (enumerated in
num_enclosures) does exist. That fix was originally proposed by Ding Hui
.
Completely ignoring devices that have one primary enclosure and no
…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linux9927c68864e9c39cc317b4f559309ba29e642168 — 4e7c498c3713b09bef20c76c7319555637e8bbd5+7
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-36rm-q238-p59m: In the Linux kernel, the following vulnerability has been resolved:
scsi: ses: Don't attach if enclosure has no components
An enclosure with no comp↗2025-09-18
OSV▶
CVE-2023-53431: In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts↗2025-09-18
📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2023-53431 kernel: Linux kernel: Denial of Service in scsi_ses due to enclosure with no components↗2025-09-18