CVE-2023-53705 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

7.3HIGH

No vector

EPSS

0.0%

top 88.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 22

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6_find_tlv() optlen is fetched without checking whether there is more than one byte to parse. It can lead to out-of-bounds access. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

Affected Packages4 packages

▶Linuxlinux/linux_kernel2.6.19 — 4.14.316+6

▶Debianlinux/linux_kernel< 5.10.191-1+3

▶CVEListV5linux/linuxc61a404325093250b676f40ad8f4dd00f3bcab5f — 59e656d0d4a84ea0ee9a39c6f69160a3effccc94+8

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

OSV

ipv6: Fix out-of-bounds access in ipv6_find_tlv()↗2025-10-22

▶

OSV

CVE-2023-53705: In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6_find_tlv() optlen is fetched without checki↗2025-10-22

▶

GHSA

GHSA-27mw-8p8v-6j5h: In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6_find_tlv() optlen is fetched without chec↗2025-10-22

▶

📋Vendor Advisories

Red Hat

kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv()↗2025-10-22

▶

Debian

CVE-2023-53705: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix o...↗2023

▶