Linux Kernel Vulnerability in Crypto XTS Handling
CVE-2023-53494
Currently unrated
What is CVE-2023-53494?
A vulnerability was identified in the Linux kernel's crypto module, in how the XTS cipher mode handles special return values. The XTS code did not properly handle the EBUSY return value, which could lead to a use-after-free condition when requests were backlogged. Attackers could potentially exploit this flaw, so affected systems need the security updates that fix it.
Affected Version(s)
Linux 8083b1bf8163e7ae7d8c90f221106d96450b8aa8 < 92a07ba4f0af2cccdc2aa5ee32679c9c9714db90
Linux 8083b1bf8163e7ae7d8c90f221106d96450b8aa8 < 912eb10b65646ffd222256c78a1c566a3dac177d
Linux 8083b1bf8163e7ae7d8c90f221106d96450b8aa8 < 57c3e1d63b63dc0841d41df729297cd7c1c35808