CVE-2023-53817 — Linux vulnerability
Severity: N/A (no vector)
EPSS: 0.2% (top 63.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 9
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
During NVMeTCP Authentication a controller can trigger a kernel
oops by specifying the 8192 bit Diffie Hellman group and passing
a correctly sized, but zeroed Diffie Hellman value.
mpi_cmp_ui() was detecting this if the second parameter was 0,
but 1 is passed from dh_is_pubkey_valid(). This causes the null
pointer u->d to be dereferenced towards the end of mpi_cmp_ui().
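The comparison gap described above, as an added example in a simplified user-space model. It is not the kernel's code or the upstream patch. The struct mpi_model type and every function name below are assumptions made for illustration, and the pre-fix path only reports whether u->d[0] would be reached with a NULL d instead of dereferencing it.

```c
#include <stddef.h>

/* Simplified model, not kernel code: only the fields the description
 * mentions. A zeroed value has nlimbs == 0 and no limb storage (d == NULL). */
typedef unsigned long limb_t;
struct mpi_model { int nlimbs; int sign; limb_t *d; };

/* Drop leading zero limbs; never touches d when nlimbs is already 0. */
static void model_normalize(struct mpi_model *u)
{
    while (u->nlimbs > 0 && u->d[u->nlimbs - 1] == 0)
        u->nlimbs--;
}

/* Pre-fix decision path as described: the empty value is caught only when
 * v == 0. Returns 1 if control would reach u->d[0] with d == NULL. */
int prefix_reaches_null_deref(struct mpi_model *u, unsigned long v)
{
    model_normalize(u);
    if (u->nlimbs == 0 && v == 0)
        return 0;
    if (u->sign || u->nlimbs > 1)
        return 0;
    return u->d == NULL;
}

/* Checked compare: settle the empty value for every v before reading d. */
int cmp_ui_checked(struct mpi_model *u, unsigned long v)
{
    model_normalize(u);
    if (u->nlimbs == 0)
        return v == 0 ? 0 : -1;
    if (u->sign)
        return -1;
    if (u->nlimbs > 1)
        return 1;
    if (u->d[0] == v)
        return 0;
    return u->d[0] > v ? 1 : -1;
}

/* Constructed inputs: a zeroed value, and a one-limb value of 5. */
int zeroed_prefix(unsigned long v) { struct mpi_model z = {0, 0, NULL}; return prefix_reaches_null_deref(&z, v); }
int zeroed_checked(unsigned long v) { struct mpi_model z = {0, 0, NULL}; return cmp_ui_checked(&z, v); }
int five_checked(unsigned long v) { limb_t l[1] = {5}; struct mpi_model m = {1, 0, l}; return cmp_ui_checked(&m, v); }
```

With the empty value handled before any limb is read, a zeroed value compared against 1 yields "less than", which lets a caller reject it as out of range.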
Affected Packages (4 packages)
CVEListV5: linux/linux 12f008b6dc5ff1c822fdb2198d20e3dbdc92f3f5 — fde791e8a96a64ea7b0ad2440e43586447a209c6 (+8)
Vulnerability Details (3)
OSV: CVE-2023-53817 (2025-12-09)
GHSA: GHSA-3w8q-vg6g-cg46 (2025-12-09)