PT-2025-38194 · Linux+2 · Linux Kernel+2

Published: 2023-03-27 · Updated: 2025-11-14

CVE-2023-53344

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.2.0-rc6-syzkaller-80422-geda666ff2276

Description

The Linux kernel contains a flaw in the bcm_tx_setup() function of the CAN (Controller Area Network) subsystem. bcm_tx_setup() calls memcpy_from_msg() to copy content into a newly allocated frame. If memcpy_from_msg() returns an error, the subsequent comparison uses the uninitialized memory of that frame, potentially leading to a kernel memory safety issue. The vulnerability was identified through testing with Syzkaller, a coverage-guided fuzzer.
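
A userspace C model of the ordering problem described above, added here as an example and not taken from the kernel source. The names setup_frame_flawed, setup_frame_checked and copy_from_msg, the 8-byte limit, and the 0xAA poison byte (standing in for uninitialized memory) are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MAX_DLEN 8      /* assumed payload limit for this model */
#define POISON   0xAA   /* stands in for uninitialized heap contents */

struct frame { unsigned int id; unsigned char len; unsigned char data[8]; };

/* Hypothetical stand-in for a copy from the caller's message: src == NULL
 * models a faulting source, in which case dst is left untouched. */
static int copy_from_msg(void *dst, const void *src, size_t n)
{
    if (src == NULL)
        return -EFAULT;
    memcpy(dst, src, n);
    return 0;
}

/* Flawed order: the length field is compared before the copy result is
 * checked, so after a failed copy the branch depends on stale memory. */
int setup_frame_flawed(struct frame *f, const void *msg)
{
    int err;
    memset(f, POISON, sizeof(*f));          /* "freshly allocated" frame */
    err = copy_from_msg(f, msg, sizeof(*f));
    if (f->len > MAX_DLEN)                  /* reads poison when err != 0 */
        err = -EINVAL;
    if (err < 0)
        return err;
    return 0;
}

/* Corrected order: bail out on a failed copy before reading the frame. */
int setup_frame_checked(struct frame *f, const void *msg)
{
    int err;
    memset(f, POISON, sizeof(*f));
    err = copy_from_msg(f, msg, sizeof(*f));
    if (err < 0)
        return err;
    if (f->len > MAX_DLEN)
        return -EINVAL;
    return 0;
}
```

In the flawed variant a failed copy is reported as -EINVAL because the decision was made on the poison byte; the checked variant reports the copy error itself and never reads the frame.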

Recommendations

Update to Linux kernel version 6.2.0-rc6-syzkaller-80422-geda666ff2276 or a later version that includes the fix.

Exploit

Fix

Weakness Enumeration

Use of Uninitialized Resource
Access of Uninitialized Pointer

Related Identifiers

BDU:2026-03643
CVE-2023-53344
OESA-2025-2659
SUSE-SU-2025:03614-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1

Affected Products

Astra Linux
Linux Kernel
Suse