CVE-2023-53652
HIGH EPSS 9.2%
Published Oct 7, 20258mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
Published Oct 7, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: vdpa: Add features attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointer in info->attrs before entering into each handler in vdpa_nl_ops. That is to say, the missing part in vdpa_nl_policy may lead to illegal nlattr after parsing, which could lead to OOB read just like CVE-2023-3773. This patch adds the missing nla_policy for vdpa features attr to avoid such bugs.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
9.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 8
References 3
- git.kernel.org https://git.kernel.org/stable/c/44b508cc96889e61799cc0fc6c00766a54f3ab5a
- git.kernel.org https://git.kernel.org/stable/c/645d17e06c502e71b880b2b854930e5a64014640
- git.kernel.org https://git.kernel.org/stable/c/79c8651587504ba263d2fd67fd4406240fb21f69
Remediation
- git.kernel.org https://git.kernel.org/stable/c/44b508cc96889e61799cc0fc6c00766a54f3ab5a
- git.kernel.org https://git.kernel.org/stable/c/645d17e06c502e71b880b2b854930e5a64014640
- git.kernel.org https://git.kernel.org/stable/c/79c8651587504ba263d2fd67fd4406240fb21f69