Out-of-bounds read in Linux kernel fs



Updated: 2025-05-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-53117
CWE-ID: CWE-125
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU108443

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53117

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the __close_fd() function in fs/file.c. A local user can trigger it to cause a denial of service (DoS).

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 5.15 - 5.15.102

External links

https://git.kernel.org/stable/c/3d5d9501b634fd268eb56428cda92cd317752d69
https://git.kernel.org/stable/c/609d54441493c99f21c1823dfd66fa7f4c512ff4
https://git.kernel.org/stable/c/6631c8da02cfad96c53b217cf647b511c7f34faf
https://git.kernel.org/stable/c/a759905de9cd6ec9ca08ceadf0920272772ed830
https://git.kernel.org/stable/c/cec08b7d1ebcd3138d4658b3868ce26aeb1e8e06
https://git.kernel.org/stable/c/eea8e4e056a5ffbeb539a13854c017d5d62c756a
https://git.kernel.org/stable/c/f31cd5da636682caea424fa1c22679016cbfc16b
https://git.kernel.org/stable/c/f8cd8754a03a3748384ee438c572423643c9c315
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.103


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


