CVE-2023-53502
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved:

xen/netback: Fix buffer overrun triggered by unusual packet

It is possible that a guest can send a packet that contains a head + 18 slots and yet has a len <= XEN_NETBACK_TX_COPY_LEN. This causes nr_slots to underflow in xenvif_get_requests() which then causes the subsequent loop's termination condition to be wrong, causing a buffer overrun of queue->tx_map_ops.

Rework the code to account for the extra frag_overflow slots.

This is CVE-2023-34319 / XSA-432.
Risk Scores
EPSS Score: 0.02% (5.3th percentile)
Timeline
- Oct 1, 2025 EPSS Score
- Oct 1, 2025 CVE Published
- Jan 24, 2026 CVE Updated
- Apr 29, 2026 Security Advisory
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-53502 (advisory)
- https://git.kernel.org/stable/c/11e6919ae028b5de1fc48007354ea07069561b31
- https://git.kernel.org/stable/c/534fc31d09b706a16d83533e16b5dc855caf7576
- https://git.kernel.org/stable/c/b14a3924c2675c22e07a5a190223b6b6cdc2867d
- https://git.kernel.org/stable/c/bc7b9a6c2ca42b116b0f24dbaa52b5a07d96d1d6
- https://git.kernel.org/stable/c/cf482893f721f76ac60c0a43482a59b2f194156b
- https://git.kernel.org/stable/c/e1142d87c185c7d7bbf05d175754638b5b9dbf16
- https://git.kernel.org/stable/c/f9167a2d6b943f30743de6ff8163d1981c34f9a9
- https://git.kernel.org/stable/c/fa5b932b77c815d0e416612859d5899424bb4212