CVE-2023-53621: NULL Pointer Dereference in Linux

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 95.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 7; latest update Apr 20

Description

In the Linux kernel, the following vulnerability has been resolved:

memcontrol: ensure memcg acquired by id is properly set up

In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by the memcg id stored in the shadow entry. However, there is a chance that the retrieved memcg is not the original memcg that has been killed, but a new one which happens to have the same id. This is a somewhat unfortunate, but acceptable and rare inaccura

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: linux/linux_kernel 6.3 – 6.5.4
Debian: linux/linux_kernel < 6.5.6-1 (+1)
CVEListV5: linux/linux f78dfc7b77d5c3527d0f895bef693f711802de5a – b9d30c38ee859d833a51131b5b4b864c7a6219d0 (+2)
debian: debian/linux < linux 6.5.6-1 (forky)

Patches

🔴 Vulnerability Details (3)

VulDB (2026-04-20): Linux Kernel up to 6.5.3 memcontrol mem_cgroup_get_nr_swap_pages null pointer dereference (WID-SEC-2025-2229)
GHSA (2025-10-07): GHSA-qhmw-vr57-jm8g: In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recen
OSV (2025-10-07): CVE-2023-53621: In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency

📋 Vendor Advisories (2)

Red Hat (2025-10-07): kernel: memcontrol: ensure memcg acquired by id is properly set up
Debian (2023): CVE-2023-53621: linux - In the Linux kernel, the following vulnerability has been resolved: memcontrol:...