PT-2025-41130 · Linux+1 · Linux Kernel+1

Published

2025-10-07

Updated

2025-11-28

CVE-2023-53686

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-rc7-syzkaller-gfe4469582053

Description The Linux kernel contains a flaw in the net/handshake/netlink.c component, specifically within the handshake nl done doit() function. This issue can lead to a null pointer dereference when the socket lookup fails. The vulnerability occurs when attempting to call trace handshake cmd done err() before verifying the socket's validity, potentially causing a system crash. The root cause is an improper check for a valid socket before dereferencing it.

Recommendations Update the Linux kernel to version 6.5.0-rc7-syzkaller-gfe4469582053 or a later version that includes the fix.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2023-53686

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4301-1

Affected Products

Linux Kernel

Suse

PT-2025-41130 · Linux+1 · Linux Kernel+1

CVE-2023-53686

Weakness Enumeration

Related Identifiers

Affected Products

References · 1010