CVE-2023-53843: Improper Validation of Specified Quantity in Input in Linux

Severity: 5.1 MEDIUM (no vector)
EPSS: 0.0% (top 90.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: reject negative ifindex

Recent changes in net-next (commit 759ab1edb56c ("net: store netdevs in an xarray")) refactored the handling of pre-assigned ifindexes and let syzbot surface a latent problem in ovs. ovs does not validate ifindex, making it possible to create netdev ports with negative ifindex values. It's easy to repro with YNL:

$ ./cli.py --spec netlink/specs/ovs_datapath.yaml \
    --do new \
    --json '{

Affected Packages (4 packages)

Linux  linux/linux_kernel  6.1.0  6.1.47  +1
Debian  linux/linux_kernel  < 6.1.52-1  +2
CVEListV5  linux/linux  54c4ef34c4b6f9720fded620e2893894f9f2c554  c965a58376146dcfdda186819462e8eb3aadef3a  +3
debian  debian/linux  < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-26x8-4cm5-whjx: In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex Recent changes in net-next (commit 759...  2025-12-09
OSV: CVE-2023-53843: In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: reject negative ifindex Recent changes in net-next (commit 759ab...  2025-12-09
OSV: net: openvswitch: reject negative ifindex  2025-12-09

📋 Vendor Advisories (2)

Red Hat: kernel: net: openvswitch: reject negative ifindex  2025-12-09
Debian: CVE-2023-53843: linux - In the Linux kernel, the following vulnerability has been resolved: net: openvs...  2023

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-53843 Impact, Exploitability, and Mitigation Steps | Wiz