CVE-2023-53373
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/09/2025
Last modified:
19/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
crypto: seqiv - Handle EBUSY correctly<br />
<br />
As it is seqiv only handles the special return value of EINPROGERSS,<br />
which means that in all other cases it will free data related to the<br />
request.<br />
<br />
However, as the caller of seqiv may specify MAY_BACKLOG, we also need<br />
to expect EBUSY and treat it in the same way. Otherwise backlogged<br />
requests will trigger a use-after-free.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1effbddaff60eeef8017c6dea1ee0ed970164d14
- https://git.kernel.org/stable/c/32e62025e5e52fbe4812ef044759de7010b15dbc
- https://git.kernel.org/stable/c/36ec108b7bd7e280edb22de028467bd09d644620
- https://git.kernel.org/stable/c/4d497e8b200a175094e0ac252ed878add39b8771
- https://git.kernel.org/stable/c/63551e4b7cbcd9914258827699eb2cb6ed6e4a16
- https://git.kernel.org/stable/c/9477db935eb690f697d9bcc4f608927841bc8b36
- https://git.kernel.org/stable/c/ae849d2f48019ff9c104e32bf588ccbfb200e971
- https://git.kernel.org/stable/c/cc4d0d4251748a8a68026938f4055d2ac47c5719