PT-2025-40697 · Linux+2 · Linux Kernel+2

Published

2023-08-04

Updated

2025-11-28

CVE-2023-53555

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s memory management subsystem, specifically within the DAMON (Data Access MONitor) functionality. The damos new filter() function does not initialize the list field of newly allocated filter objects. This lack of initialization, coupled with the absence of initialization in the DAMON sysfs interface and DAMON RECLAIM, can lead to accessing uninitialized memory. Adding multiple DAMOS filters through the DAMON sysfs interface can trigger a NULL pointer dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-476

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2026-04413

CVE-2023-53555

RHSA-2025:6966

RHSA-2025_6966

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4301-1

Affected Products

Linux Kernel

Red Hat

Suse

PT-2025-40697 · Linux+2 · Linux Kernel+2

CVE-2023-53555

Weakness Enumeration

Related Identifiers

Affected Products

References · 1013