Uninitialized Variable Vulnerability in Linux Kernel's KVM Hypervisor
CVE-2023-53756

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2023-53756?

A vulnerability exists in the Linux kernel's KVM module where an uninitialized variable leads to a NULL pointer dereference. When enabling 'Enlightened VMCS' and 'Enlightened MSR Bitmap', an uninitialized per-CPU variable 'current_vmcs' can erroneously cause crashes by allowing incorrect access to its structure. Specifically, this flaw arises during the manipulation of MSR bitmaps in nested hypervisors. This situation can give rise to instability and unexpected behavior in virtual machines running on systems using KVM.

Affected Version(s)

Linux ceef7d10dfb6284d512c499292e6daa35ea83f90 < 6baebcecf09acd19e2bab1c2911dcdba5d48a1dc

Linux ceef7d10dfb6284d512c499292e6daa35ea83f90 < 6e7bc50f97c9855da83f1478f722590defd45ff2

Linux ceef7d10dfb6284d512c499292e6daa35ea83f90

References

https://git.kernel.org/stable/c/6baebcecf09acd19e2bab1c29...

https://git.kernel.org/stable/c/6e7bc50f97c9855da83f1478f...

https://git.kernel.org/stable/c/b2de2b4d4e007f9add46ea8dc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Dec 8, 2025

JSON