PT-2025-40202 · Linux+1 · Linux Kernel+1

Published

2023-09-08

Updated

2025-11-19

CVE-2023-53495

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s ethernet subsystem, specifically within the mvpp2 ethtool get rxnfc() function. The issue involves a potential out-of-bounds write due to insufficient validation of user-supplied data, specifically the rule cnt variable, before it is used to allocate memory for rules. This could lead to a crash or potentially allow for arbitrary code execution. The rule cnt variable is received from user space and determines the size of the rules allocation. Without proper checks, this can result in an out-of-bounds write or a null pointer dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

NULL Pointer Dereference

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-476CWE-119

Related Identifiers

BDU:2025-16279

CVE-2023-53495

SUSE-SU-2025:03600-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

Affected Products

Linux Kernel

Suse

PT-2025-40202 · Linux+1 · Linux Kernel+1

CVE-2023-53495

Weakness Enumeration

Related Identifiers

Affected Products

References · 1408