CVE-2023-53273

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The relid2channel() function within the vmbus driver makes an assumption about the allocation of the vmbus channel array. Specifically, it assumes the array is allocated when called. However, during scenarios like kdump/kexec, not all relids are reset by the host. If a second kernel boots and a vmbus interrupt occurs during vmbus driver initialization—before vmbus connect() completes or fails—the interrupt service routine calls relid2channel() and may cause a null pointer dereference. The issue results in a warning message and an error within relid2channel() when an invalid channel ID is encountered in the second kernel.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-476

Related Identifiers

ALSA-2025_16880

BDU:2026-06006

CESA-2023_2951

CVE-2023-53273

RHSA-2023:2458

RHSA-2023:2951

RHSA-2023_2458

RHSA-2023_2951

SUSE-SU-2025:03613-1

SUSE-SU-2025:03615-1

SUSE-SU-2025:03626-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3761-1

Affected Products

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

CVE-2023-53273

Weakness Enumeration

Related Identifiers

Affected Products

References · 886