CVE-2023-53825Detection of Error Condition Without Action in Linux

CWE-390Detection of Error Condition Without Action7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 85.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd720 ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by updating kcm_tx_msg(head)->last_skb if partial data is copied so that the following sendmsg() will resume from the skb. However, we cannot know how many bytes were copied when we get the error. Thus, we could mess up the MSG_MO

Affected Packages4 packages

Linuxlinux/linux_kernel4.6.04.14.326+6
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linuxab7ac4eb9832e32a09f4e8042705484d2fb0aad321b467735b0888a8daa048f83d3b9b50fdab71ce+8
debiandebian/linux< linux 6.1.55-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-qqwx-6fr4-mfj2: In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg()2025-12-09
OSV
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().2025-12-09
OSV
CVE-2023-53825: In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg()2025-12-09

📋Vendor Advisories

2
Red Hat
kernel: kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg()2025-12-09
Debian
CVE-2023-53825: linux - In the Linux kernel, the following vulnerability has been resolved: kcm: Fix er...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-53825 Impact, Exploitability, and Mitigation Steps | Wiz