PT-2025-37650 · Linux+3 · Linux Kernel+3

Published

2023-08-03

Updated

2026-04-14

CVE-2023-53208

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the KVM nested virtualization implementation. Specifically, the code incorrectly loads the Time Stamp Counter (TSC) multiplier for L1 based on L1 state rather than L2 state during nested VM-Exit emulation. This can lead to a warning message and potentially unexpected behavior when userspace manipulates the MSR and CPUID features. The issue arises because the assertion that TSC scaling is exposed to L1 is flawed, allowing userspace to trigger a warning by writing to the MSR and updating the guest CPUID.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BDU:2026-02047

CVE-2023-53208

RHSA-2024:2394

SUSE-SU-2025:03600-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2025-37650 · Linux+3 · Linux Kernel+3

CVE-2023-53208

Weakness Enumeration

Related Identifiers

Affected Products

References · 1409