Kernel Vulnerability in Linux Product by Linux Foundation Affecting AES-S390 Driver
CVE-2023-53599

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
4 October 2025

What is CVE-2023-53599?

A vulnerability has been identified in the Linux kernel's af_alg subsystem that affects the gcm-aes-s390 driver. The af_alg_alloc_areq() function fails to properly initialize the scatterlist array in areq->first_rsgl. When an empty ciphertext is processed, the kernel can then dereference an invalid pointer and fault. Affected systems are exposed to crashes or instability during encryption operations. Properly initializing the areq->first_rsgl structure prevents the fault.

Affected Version(s)

Linux c1abe6f570aff4b6d396dc551e60570d2f50bd79 < 2c9d205040d7c0eaccc473917f9b0bb0a923e440

Linux c1abe6f570aff4b6d396dc551e60570d2f50bd79 < 6a4b8aa0a916b39a39175584c07222434fa6c6ef

Linux 6.5

Timeline

  • Vulnerability published

  • Vulnerability Reserved
