Linux Kernel Vulnerability in Net/Handshake Component
CVE-2023-53686

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 7 October 2025

What is CVE-2023-53686?

A vulnerability exists in the net/handshake component of the Linux kernel, where improper handling of a failed socket lookup can lead to a NULL pointer dereference. If the socket lookup fails, the subsequent call to trace_handshake_cmd_done_err() can dereference garbage values. The issue is exacerbated by the error path failing to manage the flow of execution correctly, leading to potential system crashes or unauthorized access. This vulnerability highlights the need for rigorous error handling and validation during socket communication in kernel operations.
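The control-flow pattern described above, as an added userspace model in C (not the kernel's code and not the upstream patch): a failed lookup that jumps to a shared error-trace label, next to a variant that returns before the label is reached. Only trace_handshake_cmd_done_err() is named on the page; every identifier in the block is hypothetical, and the model counts the faulting access instead of crashing.

```c
/* Userspace model of the error path. Only trace_handshake_cmd_done_err() is
 * named on the page (model_trace_err stands in for it); all names are hypothetical. */
#include <errno.h>
#include <stdio.h>

struct model_sock { int sk; };
struct model_req  { int id; };
static struct model_sock open_sock = { 42 };  /* constructed: only fd 3 resolves */
static int faults, traces;  /* would-be NULL dereferences; trace events emitted */

static struct model_sock *model_lookup(int fd) { return fd == 3 ? &open_sock : NULL; }

/* Stand-in for evaluating sock->sk: records the fault instead of crashing. */
static int model_read_sk(const struct model_sock *sock)
{
    if (!sock) { faults++; return 0; }
    return sock->sk;
}

static void model_trace_err(const struct model_req *req, int sk, int err)
{
    (void)req; (void)sk; (void)err; traces++;
}

/* hardened == 0: lookup failure jumps to the shared trace label (flawed flow).
 * hardened == 1: lookup failure returns before the label is reached. */
int done_doit(int fd, int have_req, int hardened)
{
    struct model_req pending = { 1 }, *req = NULL; /* NULL here; garbage on the page */
    struct model_sock *sock = model_lookup(fd);
    int err = -EBADF;
    if (!sock && hardened)
        return err;               /* nothing valid to hand to the tracepoint */
    if (!sock)
        goto out_status;
    req = have_req ? &pending : NULL;
    if (req)
        return 0;
    err = -EBUSY;                 /* hypothetical second error path */
out_status:
    model_trace_err(req, model_read_sk(sock), err);
    return err;
}

int main(void)
{
    int flawed = done_doit(99, 1, 0), hardened = done_doit(99, 1, 1);
    printf("flawed=%d hardened=%d faults=%d traces=%d\n", flawed, hardened, faults, traces);
    return 0;
}
```

Both variants return the same error to the caller; only the flawed flow reaches the trace call with a NULL socket, which is why the defect shows up as a crash rather than a wrong return value.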

Affected Version(s)

Linux 3b3009ea8abb713b022d94fba95ec270cf6e7eae < 93d69f18edcca282351394c5870bec24cc99d745

Linux 3b3009ea8abb713b022d94fba95ec270cf6e7eae < 82ba0ff7bf0483d962e592017bef659ae022d754

Linux 6.4

Timeline

  • Vulnerability published

  • Vulnerability Reserved
