CVE-2023-53726Numeric Range Comparison Without Minimum Check in Linux

CWE-839Numeric Range Comparison Without Minimum Check6 documents5 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 85.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 22

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c ("arm64: csum: Fix pathological zero-length calls") added an early return for zero-length input, syzkaller has popped up with an example of a _negative_ length which causes an undefined shift and an out-of-bounds read: | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39 | Read of size 4294966928 at add

Affected Packages4 packages

Linuxlinux/linux_kernel5.6.05.10.195+4
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linux5777eaed566a1d63e344d3dd8f2b5e33be20643e5a85727239a23de1cc8d93985f1056308128f3e2+6
debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-53726: In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although comm2025-10-22
OSV
arm64: csum: Fix OoB access in IP checksum code for negative lengths2025-10-22
GHSA
GHSA-9wr9-q3c6-m872: In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although co2025-10-22

📋Vendor Advisories

2
Red Hat
kernel: arm64: csum: Fix OoB access in IP checksum code for negative lengths2025-10-22
Debian
CVE-2023-53726: linux - In the Linux kernel, the following vulnerability has been resolved: arm64: csum...2023