CVE-2023-53684 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. This patch fixes the copying of xfrm algorithms and the encap template in xfrm_user so that padding is zeroed.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0725daaa9a879388ed312110f62dbd5ea2d75f8f
https://git.kernel.org/stable/c/1a351e26cc010d6991fbbd5701ac16581372e26f
https://git.kernel.org/stable/c/5218af4ad5d8948faac19f71583bcd786c3852df
https://git.kernel.org/stable/c/8222d5910dae08213b6d9d4bc9a7f8502855e624

History

Tue, 07 Oct 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algos and encap When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. This patch fixes the copying of xfrm algorithms and the encap template in xfrm_user so that padding is zeroed.
Title		xfrm: Zero padding when dumping algos and encap
References		https://git.kernel.org/stable/c/0725daaa9a879388ed312110f62dbd5ea2d75f8f https://git.kernel.org/stable/c/1a351e26cc010d6991fbbd5701ac16581372e26f https://git.kernel.org/stable/c/5218af4ad5d8948faac19f71583bcd786c3852df https://git.kernel.org/stable/c/8222d5910dae08213b6d9d4bc9a7f8502855e624

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-07T15:21:37.413Z

Updated: 2025-10-07T15:21:37.413Z

Reserved: 2025-10-07T15:16:59.665Z

Link: CVE-2023-53684

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-07T16:15:52.653

Modified: 2025-10-07T16:15:52.653

Link: CVE-2023-53684

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53684", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-07T15:16:59.665Z", "datePublished": "2025-10-07T15:21:37.413Z", "dateUpdated": "2025-10-07T15:21:37.413Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-07T15:21:37.413Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Zero padding when dumping algos and encap\n\nWhen copying data to user-space we should ensure that only valid\ndata is copied over. Padding in structures may be filled with\nrandom (possibly sensitve) data and should never be given directly\nto user-space.\n\nThis patch fixes the copying of xfrm algorithms and the encap\ntemplate in xfrm_user so that padding is zeroed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/xfrm/xfrm_user.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0725daaa9a879388ed312110f62dbd5ea2d75f8f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "5218af4ad5d8948faac19f71583bcd786c3852df", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "1a351e26cc010d6991fbbd5701ac16581372e26f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8222d5910dae08213b6d9d4bc9a7f8502855e624", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/xfrm/xfrm_user.c"], "versions": [{"version": "5.15.106", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.23", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.10", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.106"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.2.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0725daaa9a879388ed312110f62dbd5ea2d75f8f"}, {"url": "https://git.kernel.org/stable/c/5218af4ad5d8948faac19f71583bcd786c3852df"}, {"url": "https://git.kernel.org/stable/c/1a351e26cc010d6991fbbd5701ac16581372e26f"}, {"url": "https://git.kernel.org/stable/c/8222d5910dae08213b6d9d4bc9a7f8502855e624"}], "title": "xfrm: Zero padding when dumping algos and encap", "x_generator": {"engine": "bippy-1.2.0"}}}}