PT-2025-40220 · Linux+6 · Linux Kernel+6

Published 2023-02-06 · Updated 2026-03-14 · CVE-2023-53513

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)

Description
The Linux kernel contains a flaw in the network block device (nbd) module: arguments passed through ioctl calls are not fully validated. Specifically, the size argument of the nbd ioctl is insufficiently verified, which can lead to an integer overflow when the inode size is calculated. Additionally, the argument passed to nbd_add_socket() can be cast to an integer, resulting in unexpected behavior if the value is excessively large. This could lead to errors and potentially compromise system stability.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Uncontrolled Recursion

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:22387
ALSA-2025:22388
ALSA-2025_16880
ALSA-2025_22387
ALSA-2025_22388
BDU:2025-12902
CESA-2025_22387
CESA-2025_22388
CVE-2023-53513
INFSA-2025_22387
INFSA-2025_22388
RHSA-2024:2394
RHSA-2024_2394
RHSA-2025:22387
RHSA-2025:22388
RHSA-2026:0532
RHSA-2026:0533
RHSA-2026:0536
RHSA-2026:3388
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1

Affected Products

AlmaLinux
CentOS
Debian
Linux Kernel
Red Hat
Rocky Linux
SUSE