PT-2025-52955 · Linux · Linux Kernel

Published: 2025-12-24 · Updated: 2026-03-24 · CVE-2023-53998

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Description

A race condition exists in the virtio random number generator (virtio-rng) device driver when handling entropy requests and data availability. The issue occurs when a new request is initiated at the end of a read operation: the writing of new data can then race with the next reader, because the `data_avail` variable is not synchronized between the writer and the reader. The fix uses `smp_store_release` when writing `data_avail` and `smp_load_acquire` when reading it during the initial read operation. Redundant zeroing of `data_idx` and `data_avail` has also been removed.
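The release/acquire pairing described above, as an added userspace example that is not the kernel's code: C11 atomics stand in for `smp_store_release` and `smp_load_acquire`, and `struct rng_model`, `model_recv_done` and `model_read` are hypothetical names. The sample bytes are constructed.

```c
/* Userspace model of the publish/consume ordering; not kernel code.
 * All names except data_avail and data_idx are hypothetical. */
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

struct rng_model {
    unsigned char data[32];   /* buffer the device fills */
    unsigned int data_idx;    /* next unread byte */
    atomic_uint data_avail;   /* bytes ready, shared writer -> reader */
};

/* Writer: fill the buffer, then publish the length. The release store
 * keeps the buffer writes from being reordered after data_avail. */
static void model_recv_done(struct rng_model *m, const unsigned char *src,
                            unsigned int len)
{
    if (len > sizeof(m->data))
        len = sizeof(m->data);
    memcpy(m->data, src, len);
    m->data_idx = 0;
    atomic_store_explicit(&m->data_avail, len, memory_order_release);
}

/* Reader: the acquire load guarantees that a non-zero data_avail
 * implies the bytes written before the release store are visible. */
static unsigned int model_read(struct rng_model *m, unsigned char *buf,
                               unsigned int size)
{
    unsigned int avail =
        atomic_load_explicit(&m->data_avail, memory_order_acquire);

    if (avail == 0)
        return 0;             /* nothing published yet */
    if (size > avail)
        size = avail;
    memcpy(buf, m->data + m->data_idx, size);
    m->data_idx += size;
    atomic_store_explicit(&m->data_avail, avail - size, memory_order_release);
    return size;
}

int main(void)
{
    struct rng_model m = {0};
    unsigned char src[8] = {1, 2, 3, 4, 5, 6, 7, 8}, out[8] = {0};
    model_recv_done(&m, src, sizeof(src));
    printf("first read: %u bytes\n", model_read(&m, out, 5));
    printf("second read: %u bytes\n", model_read(&m, out + 5, 8));
    return 0;
}
```

With a plain store and load in place of the release/acquire pair, a reader on another CPU could observe a non-zero `data_avail` before the buffer contents it describes.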
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-53998
OESA-2026-1231
SUSE-SU-2026:0263-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0317-1
SUSE-SU-2026:0411-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1

Affected Products

Linux Kernel