#VU106233 Input validation error in Linux kernel - CVE-2023-53006

Cybersecurity Help s.r.o.

Published: 2025-03-28

Vulnerability identifier: #VU106233

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-53006

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the smbd_destroy() function in fs/cifs/smbdirect.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/4b83bc6f87eedab4599b0123e572a422689444be
https://git.kernel.org/stable/c/5109607a4ece7cd8536172bf7549eb4dce1f3576
https://git.kernel.org/stable/c/91be54849d5392050f5b847b42bd5e6221551ac8
https://git.kernel.org/stable/c/a9640c0b268405f2540e8203a545e930ea88bb7d
https://git.kernel.org/stable/c/b7ab9161cf5ddc42a288edf9d1a61f3bdffe17c7
https://git.kernel.org/stable/c/e037baee16e0b9ace7e730888fcae9cec11daff2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Input validation error in Linux kernel cifs