PT-2025-40201 · Linux+3 · Linux Kernel+3

Published 2023-01-22 · Updated 2025-11-13 · CVE-2023-53494

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel's crypto/xts module handles EBUSY errors incorrectly. The module processes only the EINPROGRESS return value, which leads to a use-after-free condition when backlogged requests encounter an EBUSY error. Because the caller may specify MAY_BACKLOG, the module must also handle EBUSY errors appropriately.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2025:19409
ALSA-2025_16880
ALSA-2025_18281
ALSA-2025_19102
ALSA-2025_19103
ALSA-2025_19409
BDU:2025-12788
CVE-2023-53494
INFSA-2025_19409
INFSA-2025_21112
RHSA-2025:21051
RHSA-2025:21091
RHSA-2025:21112
RHSA-2025:21128
RHSA-2025:21136
RHSA-2025:21760
RHSA-2025_19409
RHSA-2025_21112
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1

Affected Products

Almalinux
Linux Kernel
Red Hat
Suse