Null Pointer Dereference in Linux Kernel vmbus Driver Impacting Multiple Environments
CVE-2023-53273
What is CVE-2023-53273?
A null pointer dereference can occur in the Linux kernel's vmbus driver because channel allocation is not verified before a relid is looked up. Specifically, the function relid2channel() assumes that the vmbus channel array has already been allocated when it is called. When a second kernel is booted, as in kdump/kexec scenarios, the host may not have reset all relids. If the guest then receives a vmbus interrupt during vmbus driver initialization, particularly before vmbus_connect() concludes or after it has failed entirely, the lookup runs against a channel array that does not exist. This affects systems relying on vmbus and is addressed by having relid2channel() print a warning and return an error for invalid channel IDs.
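The lookup pattern described above, as a user-space C model added here for illustration; it is not the kernel's code. All names (model_connection, lookup_checked, MODEL_MAX_RELIDS and so on) are hypothetical, and the table size is an assumption.

```c
/* User-space model of the relid lookup (added example, hypothetical names). */
#include <stdio.h>
#include <stdlib.h>

#define MODEL_MAX_RELIDS 64u /* assumed table size for this model */

struct model_channel { unsigned int relid; };

/* The table stays NULL until connect succeeds, and is NULL again after a
 * failed connect or a disconnect. */
struct model_connection { struct model_channel **channels; };

/* Pre-fix shape: trusts that the table exists. Calling it while
 * conn->channels is NULL dereferences a null pointer. */
struct model_channel *lookup_unchecked(struct model_connection *conn, unsigned int relid)
{
    return conn->channels[relid];
}

/* Hardened shape: warn and return NULL when the table is missing or the
 * relid is out of range, so the caller can drop the event. */
struct model_channel *lookup_checked(struct model_connection *conn, unsigned int relid)
{
    if (conn->channels == NULL) {
        fprintf(stderr, "lookup: relid=%u: no channels mapped\n", relid);
        return NULL;
    }
    if (relid >= MODEL_MAX_RELIDS) {
        fprintf(stderr, "lookup: relid=%u: out of range\n", relid);
        return NULL;
    }
    return conn->channels[relid];
}

int model_connect(struct model_connection *conn)
{
    conn->channels = calloc(MODEL_MAX_RELIDS, sizeof(*conn->channels));
    return conn->channels ? 0 : -1;
}

void model_disconnect(struct model_connection *conn)
{
    free(conn->channels);
    conn->channels = NULL;
}

/* Interrupt path model: returns 1 if the event reached a channel, 0 if dropped. */
int model_on_interrupt(struct model_connection *conn, unsigned int relid)
{
    return lookup_checked(conn, relid) != NULL;
}
```

An interrupt that arrives before model_connect() or after model_disconnect() is dropped with a warning instead of reaching the unchecked array access.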

Affected Version(s)
Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23 < 176c6b4889195fbe7016d9401175b48c5c9edf68
Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23
Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23 < 8c3f0ae5435fd20bb1e3a8308488aa6ac33151ee