PT-2025-18801 · Linux+3 · Linux Kernel+3

Published 2023-02-28 · Updated 2026-05-26 · CVE-2023-53037

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue occurs when the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands. This leads to the driver freeing up the memory allocated for an internal HBA port data structure. However, in some places, the reference to the freed memory is not cleared. When the firmware sends the Device Info change event for the same device again, the freed memory is accessed, resulting in memory corruption and an OS crash.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Use After Free

Weakness Enumeration

Related Identifiers

AZL-70120
BDU:2025-05363
CVE-2023-53037

Affected Products

Astra Linux
Debian
Linux Kernel
Red Os