CVE-2023-53769 — Cleartext Transmission of Sensitive Info in Linux

CWE-319 — Cleartext Transmission of Sensitive Info6 documents5 sources

Severity

6.0MEDIUM

No vector

EPSS

0.0%

top 94.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 8

Description

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy whole messages in or out as needed before doing any computation on them.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.19.0 — 6.1.28+2

▶Debianlinux/linux_kernel< 6.1.37-1+2

▶CVEListV5linux/linuxd5af44dde5461d125d1602ac913ab5c6bdf09b8b — 577a64725bfd77645986168e953d405067ee565b+4

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

OSV

virt/coco/sev-guest: Double-buffer messages↗2025-12-08

▶

OSV

CVE-2023-53769: In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and wri↗2025-12-08

▶

GHSA

GHSA-3jg5-f6fr-mw89: In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and w↗2025-12-08

▶

📋Vendor Advisories

Red Hat

kernel: virt/coco/sev-guest: Double-buffer messages↗2025-12-08

▶

Debian

CVE-2023-53769: linux - In the Linux kernel, the following vulnerability has been resolved: virt/coco/s...↗2023

▶