Out-of-Bounds Write Vulnerability in Linux Kernel Ethernet Driver
CVE-2023-53495

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 October 2025

What is CVE-2023-53495?

The Linux kernel's Ethernet driver contains a potential out-of-bounds write in the mvpp2_ethtool_get_rxnfc() function. The 'rules' array is allocated according to the user-supplied 'rule_cnt', so 'rule_cnt' must be validated before the array is used, to prevent both out-of-bounds writes and NULL pointer dereferences. Left unaddressed, the issue could lead to unexpected behavior or crashes on affected systems, so users should apply the latest patches and updates.
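The bug class described above, as an added user-space example (not the kernel driver's code): a rule-index buffer sized from a caller-supplied rule_cnt, filled once without and once with a bound check. N_SLOTS, active, fill_unchecked, fill_checked, query and the -EMSGSIZE return value are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define N_SLOTS 4 /* hypothetical size of the driver's rule table */
static const int active[N_SLOTS] = { 1, 0, 1, 1 }; /* constructed state */

/* Unchecked pattern: assumes the buffer covers every active slot. */
int fill_unchecked(uint32_t *rules)
{
    int loc = 0;
    for (uint32_t i = 0; i < N_SLOTS; i++)
        if (active[i])
            rules[loc++] = i; /* out of bounds once loc reaches rule_cnt */
    return loc;
}

/* Checked pattern: stops at rule_cnt; with rule_cnt == 0 nothing is written. */
int fill_checked(uint32_t *rules, uint32_t rule_cnt)
{
    uint32_t loc = 0;
    for (uint32_t i = 0; i < N_SLOTS; i++) {
        if (!active[i])
            continue;
        if (loc == rule_cnt)
            return -EMSGSIZE; /* error code is this example's choice */
        rules[loc++] = i;
    }
    return (int)loc;
}

/* Models the caller: buffer sized from rule_cnt, none when it is 0. */
int query(uint32_t rule_cnt)
{
    uint32_t *rules = rule_cnt ? calloc(rule_cnt, sizeof(*rules)) : NULL;
    if (rule_cnt && !rules)
        return -ENOMEM;
    int ret = fill_checked(rules, rule_cnt);
    free(rules);
    return ret;
}

int main(void)
{
    for (unsigned cnt = 0; cnt <= N_SLOTS; cnt++)
        printf("rule_cnt=%u -> %d\n", cnt, query(cnt));
    return 0;
}
```

With three active slots, any rule_cnt below 3 is rejected before the write that would overrun the buffer, and rule_cnt of 0 is rejected before the NULL buffer is touched.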

Affected Version(s)

Linux 90b509b39ac9b09be88eb641c7a3abd8de06b698

Linux 90b509b39ac9b09be88eb641c7a3abd8de06b698 < 61054a8ddb176b155a8f2bacdfefb3727187f5d9

Linux 90b509b39ac9b09be88eb641c7a3abd8de06b698 < 5bb09dddc724c5f7c4dc6dd3bfebd685eecd93e8

Timeline

  • Vulnerability published

  • Vulnerability Reserved
