CVE-2023-53624Integer Overflow or Wraparound in Linux

CWE-190Integer Overflow or Wraparound6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 7
Latest updateApr 20

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_fq: fix integer overflow of "credit" if sch_fq is configured with "initial quantum" having values greater than INT_MAX, the first assignment of "credit" does signed integer overflow to a very negative value. In this situation, the syzkaller script provided by Cristoph triggers the CPU soft-lockup warning even with few sockets. It's not an infinite loop, but "credit" wasn't probably meant to be minus 2Gb for each

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel3.125.10.180+4
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxafe4fd062416b158a8a8538b23adc1930a9b88dc4b8a05e3801661a0438fcd0cdef181030d966a5a+6
debiandebian/linux< linux 6.1.37-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
VulDB
Linux Kernel up to 6.3.1 sched fq_change credit integer overflow (Nessus ID 276910 / WID-SEC-2025-2229)2026-04-20
GHSA
GHSA-xhfr-4q2x-5mx4: In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_fq: fix integer overflow of "credit" if sch_fq is configured with2025-10-07
OSV
CVE-2023-53624: In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_fq: fix integer overflow of "credit" if sch_fq is configured with "2025-10-07

📋Vendor Advisories

2
Red Hat
kernel: net/sched: sch_fq: fix integer overflow of "credit"2025-10-07
Debian
CVE-2023-53624: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ...2023