CVE-2023-54046: Incorrect Check of Function Return Value in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: essiv - Handle EBUSY correctly

As it is essiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request.

However, as the caller of essiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.
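The return-value check described above, as an added userspace C model (not the kernel's essiv code and not taken from the advisory). `lower_submit`, `release_assoc`, `submit_before`, `submit_after`, `freed_while_pending` and the `MAY_BACKLOG` value are hypothetical stand-ins, and the premature free is recorded in a flag rather than performed on memory that is later dereferenced.

```c
/* Userspace model constructed for illustration; not kernel code. All names are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

#define MAY_BACKLOG 0x1u /* stand-in for the caller's backlog flag */
struct request {
    unsigned flags;
    void *assoc;          /* per-request data the completion path needs */
    bool in_flight;       /* lower layer still owns the request */
    bool freed_in_flight; /* records the bug instead of causing real UB */
};

static int lower_submit(struct request *req, int slots) {
    if (slots <= 0 && !(req->flags & MAY_BACKLOG)) return -ENOSPC; /* rejected */
    req->in_flight = true;  /* queued or backlogged: completes later */
    return slots > 0 ? -EINPROGRESS : -EBUSY;
}

static void release_assoc(struct request *req) {
    if (req->in_flight) req->freed_in_flight = true; /* freed under a pending request */
    free(req->assoc);
    req->assoc = NULL;
}

/* Before: only -EINPROGRESS counts as "still pending". */
int submit_before(struct request *req, int slots) {
    int err = lower_submit(req, slots);
    if (err != -EINPROGRESS) release_assoc(req);
    return err;
}

/* After: a backlogged request (-EBUSY) is pending too; completion frees it. */
int submit_after(struct request *req, int slots) {
    int err = lower_submit(req, slots);
    if (err != -EINPROGRESS && err != -EBUSY) release_assoc(req);
    return err;
}

/* True if assoc was freed while the request was still in flight. */
bool freed_while_pending(int (*submit)(struct request *, int), unsigned flags, int slots) {
    struct request req = { .flags = flags, .assoc = malloc(16) };
    int err = submit(&req, slots);
    if (err == -EINPROGRESS || err == -EBUSY) { /* completion callback fires */
        req.in_flight = false;
        release_assoc(&req);
    }
    return req.freed_in_flight;
}
```

Only the combination of a full queue and `MAY_BACKLOG` separates the two versions, which is why a path like this can pass tests that never saturate the queue.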

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.4.0 | 5.4.235 | +4
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | be1eb7f78aa8fbe34779c56c266ccd0364604e71 | c61e7d182ee3f3f5ecf18a2964e303d49c539b52 | +6
debian | debian/linux | < linux 6.1.20-1 (bookworm)

Vulnerability Details (3)

OSV: crypto: essiv - Handle EBUSY correctly (2025-12-24)
OSV: CVE-2023-54046: In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special ret (2025-12-24)
GHSA: GHSA-m7wm-fq3g-5gmr: In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Handle EBUSY correctly As it is essiv only handles the special r (2025-12-24)

Vendor Advisories (2)

Red Hat: kernel: crypto: essiv - Handle EBUSY correctly (2025-12-24)
Debian: CVE-2023-54046: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: ess... (2023)

Threat Intelligence (1)

Wiz: CVE-2023-54046 Impact, Exploitability, and Mitigation Steps | Wiz