CVE-2023-53643 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: don't access released socket during error recovery While the error recovery work is temporarily failing reconnect attempts, running the 'nvme list' command causes a kernel NULL pointer dereference by calling getsockname() with a released socket. During error recovery work, the nvme tcp socket is released and a new one created, so it is not safe to access the socket without proper check.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/76d54bf20cdcc1ed7569a89885e09636e9a8d71d
https://git.kernel.org/stable/c/d82f762db4776fa11de88018f0f5de2d5db72a72
https://git.kernel.org/stable/c/fe2d9e54165dadaa0d0cc3355c0be9c3e129fa0d

History

Tue, 07 Oct 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: don't access released socket during error recovery While the error recovery work is temporarily failing reconnect attempts, running the 'nvme list' command causes a kernel NULL pointer dereference by calling getsockname() with a released socket. During error recovery work, the nvme tcp socket is released and a new one created, so it is not safe to access the socket without proper check.
Title		nvme-tcp: don't access released socket during error recovery
References		https://git.kernel.org/stable/c/76d54bf20cdcc1ed7569a89885e09636e9a8d71d https://git.kernel.org/stable/c/d82f762db4776fa11de88018f0f5de2d5db72a72 https://git.kernel.org/stable/c/fe2d9e54165dadaa0d0cc3355c0be9c3e129fa0d

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-07T15:19:42.374Z

Updated: 2025-10-07T15:19:42.374Z

Reserved: 2025-10-07T15:16:59.658Z

Link: CVE-2023-53643

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-07T16:15:47.643

Modified: 2025-10-07T16:15:47.643

Link: CVE-2023-53643

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53643", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-07T15:16:59.658Z", "datePublished": "2025-10-07T15:19:42.374Z", "dateUpdated": "2025-10-07T15:19:42.374Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-07T15:19:42.374Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: don't access released socket during error recovery\n\nWhile the error recovery work is temporarily failing reconnect attempts,\nrunning the 'nvme list' command causes a kernel NULL pointer dereference\nby calling getsockname() with a released socket.\n\nDuring error recovery work, the nvme tcp socket is released and a new one\ncreated, so it is not safe to access the socket without proper check."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/tcp.c"], "versions": [{"version": "02c57a82c0081141abc19150beab48ef47f97f18", "lessThan": "fe2d9e54165dadaa0d0cc3355c0be9c3e129fa0d", "status": "affected", "versionType": "git"}, {"version": "02c57a82c0081141abc19150beab48ef47f97f18", "lessThan": "d82f762db4776fa11de88018f0f5de2d5db72a72", "status": "affected", "versionType": "git"}, {"version": "02c57a82c0081141abc19150beab48ef47f97f18", "lessThan": "76d54bf20cdcc1ed7569a89885e09636e9a8d71d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/tcp.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.18", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.5", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.2.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fe2d9e54165dadaa0d0cc3355c0be9c3e129fa0d"}, {"url": "https://git.kernel.org/stable/c/d82f762db4776fa11de88018f0f5de2d5db72a72"}, {"url": "https://git.kernel.org/stable/c/76d54bf20cdcc1ed7569a89885e09636e9a8d71d"}], "title": "nvme-tcp: don't access released socket during error recovery", "x_generator": {"engine": "bippy-1.2.0"}}}}