Linux Kernel Vulnerability in Memory Management Functions
CVE-2023-53401
What is CVE-2023-53401?
A vulnerability in the Linux kernel's memory management functions allows a NULL pointer dereference during object stock flushing. The issue was detected by the Kernel Concurrency Sanitizer (KCSAN). It occurs because the cached object control group pointer can be reset between the check and the dereference, potentially leading to instability or crashes on systems running affected kernel versions. Remediation involves using READ_ONCE() and WRITE_ONCE() for accesses to the affected memory locations.
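The check-then-dereference pattern described above, as an added user-space model in C (not the kernel's code and not the upstream patch). The struct, function and macro definitions are hypothetical stand-ins, the concurrent reset is simulated with a callback so the outcome is deterministic, and the object's lifetime is assumed to be guaranteed separately.

```c
/* User-space model; all names here are hypothetical, not kernel code. */
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the kernel macros: a volatile access the compiler
 * cannot repeat, drop or fuse with a neighbouring access. */
#define READ_ONCE(x)     (*(volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

struct objcg { int memcg_id; };
struct stock { struct objcg *cached_objcg; };

typedef void (*interleave_fn)(struct stock *);

/* Models the concurrent flush that clears the cached pointer. */
static void drain(struct stock *s) { WRITE_ONCE(s->cached_objcg, NULL); }

/* Racy: the field is loaded twice, once to check and once to use.
 * Returns -1 where the second load is NULL (a kernel would oops here). */
static int flush_required_racy(struct stock *s, int root, interleave_fn other_cpu)
{
    if (s->cached_objcg) {                 /* load #1: check */
        if (other_cpu) other_cpu(s);       /* window between check and use */
        struct objcg *o = s->cached_objcg; /* load #2: use */
        if (!o) return -1;
        return o->memcg_id == root;
    }
    return 0;
}

/* Fixed: one READ_ONCE() snapshot serves both the check and the use. */
static int flush_required_fixed(struct stock *s, int root, interleave_fn other_cpu)
{
    struct objcg *o = READ_ONCE(s->cached_objcg);
    if (!o) return 0;
    if (other_cpu) other_cpu(s);           /* reset no longer affects 'o' */
    return o->memcg_id == root;
}

int main(void)
{
    struct objcg cg = { .memcg_id = 7 };   /* constructed sample data */
    struct stock s = { .cached_objcg = &cg };
    printf("racy:  %d\n", flush_required_racy(&s, 7, drain));
    s.cached_objcg = &cg;
    printf("fixed: %d\n", flush_required_fixed(&s, 7, drain));
    return 0;
}
```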
Affected Version(s)
Linux bf4f059954dcb221384b2f784677e19a13cd4bdb < 33d9490b27e5d8da4444aefd714a4f50189db978
Linux bf4f059954dcb221384b2f784677e19a13cd4bdb < 33391c7e1a2ad612bf3922cc168cb09a46bbe236
Linux bf4f059954dcb221384b2f784677e19a13cd4bdb < 3b8abb3239530c423c0b97e42af7f7e856e1ee96