CVE-2023-53543
HIGH EPSS 4.6%
Published Oct 4, 20258mo ago · Modified Jun 18, 20261w ago
7.8 CVSS 3.1
Published Oct 4, 2025 8mo ago
Last Modified Jun 18, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointer in info->attrs before entering into each handler in vdpa_nl_ops. That is to say, the missing part in vdpa_nl_policy may lead to illegal nlattr after parsing, which could lead to OOB read just like CVE-2023-3773. This patch adds the missing nla_policy for vdpa max vqp attr to avoid such bugs.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
4.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 9
References 4
- git.kernel.org https://git.kernel.org/stable/c/5d6ba607d6cb5c58a4ddf33381e18c83dbb4098f
- git.kernel.org https://git.kernel.org/stable/c/baed19c108ac8287425b93a44985bbe9a0b1af8d
- git.kernel.org https://git.kernel.org/stable/c/ea65e8b5e6b1a34deda7564f09c90e9e80db436a
- git.kernel.org https://git.kernel.org/stable/c/ff71709445ac033e6e250d971683110e4781c068
Remediation
- git.kernel.org https://git.kernel.org/stable/c/5d6ba607d6cb5c58a4ddf33381e18c83dbb4098f
- git.kernel.org https://git.kernel.org/stable/c/baed19c108ac8287425b93a44985bbe9a0b1af8d
- git.kernel.org https://git.kernel.org/stable/c/ea65e8b5e6b1a34deda7564f09c90e9e80db436a
- git.kernel.org https://git.kernel.org/stable/c/ff71709445ac033e6e250d971683110e4781c068