CVE-2023-53080

In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to return -EINVAL on overflow. Also remove a redundant u32 cast assigning umem->npgs.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3cfc3564411acf96bf2fb791f706a1aa4f872c1d	Patch
https://git.kernel.org/stable/c/580634b03a55f04a3c1968bcbd97736c079c6601	Patch
https://git.kernel.org/stable/c/a069909acc4435eeb41d05ccc03baa447cc01b7e	Patch
https://git.kernel.org/stable/c/bb2e3bfb2a79db0c2057c6f701b782954394c67f	Patch
https://git.kernel.org/stable/c/c7df4813b149362248d6ef7be41a311e27bf75fe	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc3::::::

History

12 Nov 2025, 20:49

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/3cfc3564411acf96bf2fb791f706a1aa4f872c1d -~~	() https://git.kernel.org/stable/c/3cfc3564411acf96bf2fb791f706a1aa4f872c1d - Patch
References	~~() https://git.kernel.org/stable/c/580634b03a55f04a3c1968bcbd97736c079c6601 -~~	() https://git.kernel.org/stable/c/580634b03a55f04a3c1968bcbd97736c079c6601 - Patch
References	~~() https://git.kernel.org/stable/c/a069909acc4435eeb41d05ccc03baa447cc01b7e -~~	() https://git.kernel.org/stable/c/a069909acc4435eeb41d05ccc03baa447cc01b7e - Patch
References	~~() https://git.kernel.org/stable/c/bb2e3bfb2a79db0c2057c6f701b782954394c67f -~~	() https://git.kernel.org/stable/c/bb2e3bfb2a79db0c2057c6f701b782954394c67f - Patch
References	~~() https://git.kernel.org/stable/c/c7df4813b149362248d6ef7be41a311e27bf75fe -~~	() https://git.kernel.org/stable/c/c7df4813b149362248d6ef7be41a311e27bf75fe - Patch
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:linux:linux_kernel:6.3:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.3:rc3:::::: cpe:2.3:o:linux:linux_kernel::::::::

05 May 2025, 20:54

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: Se ha añadido una comprobación de desbordamiento faltante en xdp_umem_reg. El número de fragmentos puede desbordar u32. Asegúrese de devolver -EINVAL en caso de desbordamiento. También se ha eliminado una conversión u32 redundante que asigna umem->npgs.

02 May 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-02 16:15

Updated : 2025-11-12 20:49

NVD link : CVE-2023-53080

Mitre link : CVE-2023-53080

CVE.ORG link : CVE-2023-53080

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10