CVE-2023-53684
- Source
- https://cve.org/CVERecord?id=CVE-2023-53684
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53684.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53684
- Downstream
- Published
- 2025-10-07T15:21:37.413Z
- Modified
- 2026-04-02T09:44:49.252855Z
- Summary
- xfrm: Zero padding when dumping algos and encap
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
xfrm: Zero padding when dumping algos and encap
When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space.
This patch fixes the copying of xfrm algorithms and the encap template in xfrm_user so that padding is zeroed.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53684.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/0725daaa9a879388ed312110f62dbd5ea2d75f8f
- https://git.kernel.org/stable/c/1a351e26cc010d6991fbbd5701ac16581372e26f
- https://git.kernel.org/stable/c/5218af4ad5d8948faac19f71583bcd786c3852df
- https://git.kernel.org/stable/c/8222d5910dae08213b6d9d4bc9a7f8502855e624
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53684.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53684
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc7a5899eb26e2a4d516d53f65b6dd67be2228041Fixed0725daaa9a879388ed312110f62dbd5ea2d75f8fFixed5218af4ad5d8948faac19f71583bcd786c3852dfFixed1a351e26cc010d6991fbbd5701ac16581372e26fFixed8222d5910dae08213b6d9d4bc9a7f8502855e624