PT-2025-37647 · Linux+5 · Linux Kernel+5

Published

2025-09-15

Updated

2026-04-14

CVE-2023-53205

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue in the KVM component related to a race condition when accessing the physical CPU number in the diag 9c handler. The vulnerability occurs because the target CPU value can change between the initial check and its subsequent use, potentially leading to out-of-bound accesses to CPU arrays. A local variable is used to hold the physical target CPU to prevent this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2026-05872

CVE-2023-53205

RHSA-2023:6583

RHSA-2024:3138

SUSE-SU-2025:03600-1

SUSE-SU-2025:03615-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:3761-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Suse

PT-2025-37647 · Linux+5 · Linux Kernel+5

CVE-2023-53205

Weakness Enumeration

Related Identifiers

Affected Products

References · 2009