PT-2025-41103 · Iavf+2

Published: 2023-07-17 · Updated: 2026-01-05 · CVE-2023-53659

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The iavf driver in the Linux kernel has an out-of-bounds access flaw during device removal when the number of channels is improperly handled. Specifically, if the number of channels is set to a value greater than the number of allocated transmit/receive rings, kernel memory corruption can occur. This can lead to system instability or potentially allow for malicious code execution. The issue arises in the iavf remove function and is triggered by setting a higher number of channels and a timeout during reset. The reproducer involves setting and resetting the number of virtual functions (VFs) and configuring network interfaces with combined channels.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2026-04110
CVE-2023-53659
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4111-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4301-1
SUSE-SU-2025:4320-1
SUSE-SU-2025:4530-1
SUSE-SU-2026:0032-1

Affected Products

Linux Kernel
Suse
Iavf