CVE-2023-53863: Incorrect Calculation of Buffer Size in Linux

Severity
5.5 MEDIUM
No vector
EPSS
0.1%
top 80.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 9

Description

In the Linux kernel, the following vulnerability has been resolved:

netlink: do not hard code device address lenth in fdb dumps

syzbot reports that some netdev devices do not have a six-byte address [1]

Replace ETH_ALEN by dev->addr_len.

[1] (Case of a device where dev->addr_len = 4)
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak in copyout+0xb8/0x100 lib/iov_iter.c:169
instrument_copy_to_user include/linux/instr
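The bug class the description names, shown as an added example that is not kernel code and not part of this advisory: a user-space C model in which a device with a 4-byte hardware address is dumped once with the hard-coded ETH_ALEN (the pattern the fix removed) and once with the device's own addr_len (the fix). The types model_netdev and model_attr, the fill_lladdr_* helpers and the STALE marker are hypothetical stand-ins; STALE represents whatever memory happens to follow the real address, which is what KMSAN flagged as reaching user space.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
#define MAX_ADDR_LEN 32   /* upper bound for hardware address storage in this model */

/* Hypothetical stand-in for struct net_device, reduced to the two fields this bug involves. */
struct model_netdev {
    unsigned char addr_len;                 /* real length of the hardware address */
    unsigned char dev_addr[MAX_ADDR_LEN];   /* only the first addr_len bytes are meaningful */
};

/* Hypothetical stand-in for the NDA_LLADDR attribute payload written into a dump message. */
struct model_attr {
    unsigned char len;
    unsigned char data[MAX_ADDR_LEN];
};

/* Marker for bytes beyond the real address (stands in for adjacent memory). */
#define STALE 0xA5

/* Build the reported case: a device whose address is 4 bytes long, followed by STALE bytes. */
static void make_4byte_dev(struct model_netdev *dev) {
    const unsigned char addr[4] = {0x10, 0x20, 0x30, 0x40};  /* constructed sample address */
    memset(dev->dev_addr, STALE, sizeof dev->dev_addr);
    dev->addr_len = 4;
    memcpy(dev->dev_addr, addr, sizeof addr);
}

/* 'Before': the length is hard-coded to ETH_ALEN regardless of the device. */
static void fill_lladdr_hardcoded(struct model_attr *attr, const struct model_netdev *dev) {
    attr->len = ETH_ALEN;
    memcpy(attr->data, dev->dev_addr, ETH_ALEN);
}

/* 'After': the length comes from the device, as the fix does with dev->addr_len. */
static void fill_lladdr_fixed(struct model_attr *attr, const struct model_netdev *dev) {
    attr->len = dev->addr_len;
    memcpy(attr->data, dev->dev_addr, dev->addr_len);
}

/* Count attribute bytes that did not come from the device's real address. */
static size_t stale_bytes_in_attr(const struct model_attr *attr, const struct model_netdev *dev) {
    size_t n = 0;
    for (size_t i = dev->addr_len; i < attr->len; i++)
        if (attr->data[i] == STALE)
            n++;
    return n;
}

/* Bytes of adjacent memory that the hard-coded dump would hand to user space. */
size_t leak_with_hardcoded_len(void) {
    struct model_netdev dev;
    struct model_attr attr;
    make_4byte_dev(&dev);
    fill_lladdr_hardcoded(&attr, &dev);
    return stale_bytes_in_attr(&attr, &dev);
}

/* Same device dumped with the device-supplied length. */
size_t leak_with_device_len(void) {
    struct model_netdev dev;
    struct model_attr attr;
    make_4byte_dev(&dev);
    fill_lladdr_fixed(&attr, &dev);
    return stale_bytes_in_attr(&attr, &dev);
}

int main(void) {
    printf("hard-coded ETH_ALEN: %zu stale byte(s) copied\n", leak_with_hardcoded_len());
    printf("dev->addr_len:       %zu stale byte(s) copied\n", leak_with_device_len());
    return 0;
}
```

With a 4-byte address the hard-coded path copies two bytes past the real address into the attribute; taking the length from the device copies none. The same check, a comparison of the emitted attribute length against the device's addr_len, is the property a reviewer would look for wherever a fixed ETH_ALEN is used to size a copy from a device address.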

Affected Packages (4 packages)

Source    | Package              | Affected range / fix
Linux     | linux/linux_kernel   | introduced 3.5.0, fixed 4.14.322 (+7 more ranges)
Debian    | linux/linux_kernel   | < 5.10.191-1 (+3 more)
CVEListV5 | linux/linux          | commits d83b060360485454fcd6870340ec01d6f96f2295, 61d1bf3c34bf5fe936c50d1a4bc460babcc85e88 (+9 more)
debian    | debian/linux         | < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2023-53863: In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that so... (2025-12-09)
OSV: netlink: do not hard code device address lenth in fdb dumps (2025-12-09)
GHSA: GHSA-44vj-whpr-3frv: In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that... (2025-12-09)

📋 Vendor Advisories (2)

Red Hat: kernel: netlink: do not hard code device address lenth in fdb dumps (2025-12-09)
Debian: CVE-2023-53863: linux - In the Linux kernel, the following vulnerability has been resolved: netlink: do... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-53863 Impact, Exploitability, and Mitigation Steps | Wiz