CVE-2023-53790: Missing Initialization of Resource in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 90.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Zeroing allocated object from slab in bpf memory allocator

Currently the freed element in bpf memory allocator may be immediately reused, for htab map the reuse will reinitialize special fields in map value (e.g., bpf_spin_lock), but lookup procedure may still access these special fields, and it may lead to hard-lockup as shown below:

NMI backtrace for cpu 16
CPU: 16 PID: 2574 Comm: htab.bin Tainted: G L 6.1.0+ #1
Hardwa

Affected Packages (4 packages)

Linux: linux/linux_kernel, 6.1.0, 6.1.16 (+1)
Debian: linux/linux_kernel, < 6.1.20-1 (+2)
CVEListV5: linux/linux, 0fd7c5d43339b783ee3301a05f925d1e52ac87c9, 678ea18d6240299fd77d7000c8b1d7e5f274c8af (+3)
debian: debian/linux, < linux 6.1.20-1 (bookworm)

🔴 Vulnerability Details (3)

OSV (2025-12-09): CVE-2023-53790: In the Linux kernel, the following vulnerability has been resolved: bpf: Zeroing allocated object from slab in bpf memory allocator Currently the free
OSV (2025-12-09): bpf: Zeroing allocated object from slab in bpf memory allocator
GHSA (2025-12-09): GHSA-f32h-2m5f-x5c6: In the Linux kernel, the following vulnerability has been resolved: bpf: Zeroing allocated object from slab in bpf memory allocator Currently the fr

📋 Vendor Advisories (2)

Red Hat (2025-12-09): kernel: bpf: Zeroing allocated object from slab in bpf memory allocator
Debian (2023): CVE-2023-53790: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Zeroin...