CVE-2023-53273

MEDIUM

Linux Kernel 5.8-5.10.178 - Null Pointer Dereference in relid2channel()

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel() assumes vmbus channel array to be allocated when called. However, in cases such as kdump/kexec, not all relids will be reset by the host. When the second kernel boots and if the guest receives a vmbus interrupt during vmbus driver initialization before vmbus_connect() is called, before it finishes, or if it fails, the vmbus interrupt service routine is called which in turn calls relid2channel() and can cause a null pointer dereference. Print a warning and error out in relid2channel() for a channel id that's invalid in the second kernel.

References (5)

Core 5

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 4.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (14)
Linux/Linux < 5.8
Linux/Linux 5.10.178 - 5.10.*
Linux/Linux 5.15.107 - 5.15.*
Linux/Linux 5.8
Linux/Linux 6.1.24 - 6.1.*
Linux/Linux 6.2.11 - 6.2.*
Linux/Linux 6.3
Linux/Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23 - 176c6b4889195fbe7016d9401175b48c5c9edf68
Linux/Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23 - 1eb65c8687316c65140b48fad27133d583178e15
Linux/Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23 - 8c3f0ae5435fd20bb1e3a8308488aa6ac33151ee
... and 4 more
Published Sep 16, 2025
Tracked Since Feb 18, 2026