PT-2025-40203 · Linux+1 · Linux Kernel+1

Published

2023-08-07

·

Updated

2025-11-19

·

CVE-2023-53496

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The UV code in the Linux kernel attempts to create tables for bidirectional socket to node lookups. When the number of CPUs (nr cpus) is set lower than the actual number of CPUs present, the cpu to node() mapping information for unused CPUs is unavailable during table creation. This can lead to skipping nodes or sockets, resulting in errors when the code encounters these missing entries. The issue arises from looping over all CPUs instead of directly using APICIDs mapped to valid NUMA nodes to extract socket IDs. This approach avoids errors related to disabled CPUs.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

BDU:2025-16285
CVE-2023-53496
RHSA-2024:2394
RHSA-2024:3138
RHSA-2024:4108
SUSE-SU-2025:03600-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Linux Kernel
Suse