PT-2025-43106 · Linux+3 · Linux Kernel+3

Published 2023-05-24 · Updated 2025-12-04 · CVE-2023-53705

CVSS v2.0: 6.0 Medium

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's IPv6 functionality, in the ipv6_find_tlv() function. The function can access data out of bounds because it does not sufficiently check the length of the data to be parsed. Specifically, the optlen variable is retrieved without first verifying that more than one byte remains to be parsed, potentially leading to an out-of-bounds access. This was discovered by InfoTeCS on behalf of Linux Verification Center using SVACE.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
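
The length check the description says is missing, shown as an added user-space illustration (not the kernel's code and not taken from any fix). `find_tlv`, its return codes and the sample buffers are constructed for this example, which assumes the standard IPv6 option layout: one type byte, one length byte, then data, with Pad1 as a lone type byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_PAD1      0      /* Pad1: a single type byte, no length field */
#define TLV_NOT_FOUND (-1)
#define TLV_MALFORMED (-2)

/* Walk an IPv6 options area of `len` bytes and return the offset of the
 * first option of `type`, TLV_NOT_FOUND, or TLV_MALFORMED.
 * Hypothetical user-space helper, not the kernel's function. */
int find_tlv(const uint8_t *opts, size_t len, uint8_t type)
{
    size_t offset = 0;

    while (len > 0) {
        uint8_t opttype = opts[offset];   /* safe: at least one byte remains */
        size_t optlen;
        if (opttype == type)
            return (int)offset;           /* caller validates the option body */

        if (opttype == TLV_PAD1) {
            optlen = 1;
        } else {
            /* The length byte sits at offset + 1. With only one byte left,
             * reading it is the out-of-bounds access the advisory describes. */
            if (len < 2)
                return TLV_MALFORMED;
            optlen = (size_t)opts[offset + 1] + 2;
            /* The declared option must also fit in what remains. */
            if (optlen > len)
                return TLV_MALFORMED;
        }
        offset += optlen;
        len -= optlen;
    }
    return TLV_NOT_FOUND;
}

int main(void)
{
    /* Constructed sample: PadN with 2 data bytes, Pad1, then option 0x05. */
    const uint8_t ok[]    = { 0x01, 0x02, 0x00, 0x00, 0x00, 0x05, 0x02, 0x00, 0x00 };
    /* Constructed sample: Pad1 followed by a lone type byte with no length. */
    const uint8_t trunc[] = { 0x00, 0x01 };
    printf("%d %d\n", find_tlv(ok, sizeof ok, 0x05),
                      find_tlv(trunc, sizeof trunc, 0x05));
    return 0;
}
```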

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2026-04018
CESA-2024_3138
CVE-2023-53705
RHSA-2023:6583
RHSA-2023_6583
RHSA-2024:3138
RHSA-2024_3138
RHSA-2026:0532
RHSA-2026:0533
RHSA-2026:0537
RHSA-2026:0576
RHSA-2026:0754
RHSA-2026:0755
RHSA-2026:1441
RHSA-2026:1442
RHSA-2026:1443
RHSA-2026:1512
SUSE-SU-2025:4111-1
SUSE-SU-2025:4135-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4188-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4315-1
SUSE-SU-2025:4320-1

Affected Products

CentOS
Linux Kernel
Red Hat
SUSE