CVE-2023-53495

HIGH

Linux kernel - Memory Corruption

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() rules is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rules to avoid OOB writing or NULL pointer dereference.

References (6)

[Patch] https://git.kernel.org/stable/c/349638f7e5d3c7d328565587bb7b0454bbee02e2

[Patch] https://git.kernel.org/stable/c/51fe0a470543f345e3c62b6798929de3ddcedc1d

[Patch] https://git.kernel.org/stable/c/5bb09dddc724c5f7c4dc6dd3bfebd685eecd93e8

[Patch] https://git.kernel.org/stable/c/61054a8ddb176b155a8f2bacdfefb3727187f5d9

[Patch] https://git.kernel.org/stable/c/625b70d31dd4df4b96b3ddcbe251debb33bd67f5

[Patch] https://git.kernel.org/stable/c/ba6673824efa3dc198b04a54e69dce480066d7d9

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status published

Affected Products (2)

linux/linux_kernel < 5.4.257

linux/linux_kernel

Timeline

Published Oct 01, 2025

Tracked Since Feb 18, 2026