PT-2025-40170 · Linux+3 · Linux Kernel+3

Published: 2023-06-29 · Updated: 2025-11-19 · CVE-2023-53463

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The ibmvnic driver in the Linux kernel contains an issue where dql stats are incorrectly reset during a NON_FATAL reset. This can lead to a discrepancy between the number of queued and completed bytes, potentially causing a BUG_ON crash within the dynamic queue limits functionality. Specifically, the netdev_tx_reset_queue() function resets the byte counters, while a NON_FATAL reset does not flush sub crq tx buffers, so the statistics become inaccurate. The crash is triggered when the number of completed bytes exceeds the number of queued bytes. The vulnerable code is located in lib/dynamic_queue_limits.c and involves the dql_completed function.

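
The counter mismatch described above, replayed in a simplified user-space model. This is an added example, not kernel or driver code: the model_* functions, replay_non_fatal_reset() and the byte values are hypothetical, and the kernel's BUG_ON is represented by a -1 return value.

```c
/* Simplified user-space model of the DQL byte counters (illustration only). */
#include <stdio.h>

struct dql_model {
    unsigned int num_queued;    /* total bytes handed to the device */
    unsigned int num_completed; /* total bytes the device reported as sent */
};

/* Models dql_queued(): the transmit path accounts bytes given to hardware. */
static void model_queued(struct dql_model *q, unsigned int bytes)
{
    q->num_queued += bytes;
}

/* Models the counter reset reached through netdev_tx_reset_queue(). */
static void model_reset(struct dql_model *q)
{
    q->num_queued = 0;
    q->num_completed = 0;
}

/* Models dql_completed(): returns -1 where the kernel would hit BUG_ON. */
static int model_completed(struct dql_model *q, unsigned int bytes)
{
    if (bytes > q->num_queued - q->num_completed)
        return -1; /* more bytes completed than were ever queued */
    q->num_completed += bytes;
    return 0;
}

/* Replays a NON_FATAL reset while `inflight` bytes still sit in tx buffers.
 * reset_stats = 1: counters are zeroed (the behaviour the advisory describes).
 * reset_stats = 0: counters are left alone (assumed contrast case). */
static int replay_non_fatal_reset(unsigned int inflight, unsigned int after,
                                  int reset_stats)
{
    struct dql_model q = {0, 0};

    model_queued(&q, inflight);  /* frames queued before the reset */
    if (reset_stats)
        model_reset(&q);         /* counters zeroed, buffers not flushed */
    model_queued(&q, after);     /* traffic resumes after the reset */
    /* The completion covers the old in-flight frames plus the new ones. */
    return model_completed(&q, inflight + after);
}

int main(void)
{
    printf("stats reset:     %d\n", replay_non_fatal_reset(3000, 1500, 1));
    printf("stats preserved: %d\n", replay_non_fatal_reset(3000, 1500, 0));
    return 0;
}
```

With the counters zeroed, the later completion reports 4500 bytes against only 1500 queued, which is the condition that crashes in dql_completed.
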
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-06097
CVE-2023-53463
SUSE-SU-2025:03600-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Astra Linux
Linux Kernel
Suse
Ibmvnic