CVE-2023-53684
EUVD-2025-3192607.10.2025, 16:15
In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. This patch fixes the copying of xfrm algorithms and the encap template in xfrm_user so that padding is zeroed.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.106 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.23 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.2.10 |
| linux | linux_kernel | 6.3:rc1 |
| linux | linux_kernel | 6.3:rc2 |
𝑥
= Vulnerable software versions
Debian Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| bpftool |
| ||
| bpftool-debuginfo |
| ||
| kernel |
| ||
| kernel-debuginfo |
| ||
| kernel-debuginfo-common-aarch64 |
| ||
| kernel-debuginfo-common-x86_64 |
| ||
| kernel-devel |
| ||
| kernel-headers |
| ||
| kernel-libbpf |
| ||
| kernel-libbpf-devel |
| ||
| kernel-libbpf-static |
| ||
| kernel-livepatch-6.1.23-36.46 |
| ||
| kernel-tools |
| ||
| kernel-tools-debuginfo |
| ||
| kernel-tools-devel |
| ||
| perf |
| ||
| perf-debuginfo |
| ||
| python3-perf |
| ||
| python3-perf-debuginfo |
|