CVE-2023-53331

{"id": "CVE-2023-53331", "cveTags": [], "metrics": {}, "published": "2025-09-16T17:15:39.597", "references": [{"url": "https://git.kernel.org/stable/c/25fb4e3402d46f425ec135ef6f09792a4c1b3003", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/89312657337e6e03ad6e9ea1a462bd9c158c85c8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c807ccdd812d18985860504b503899f3140a9549", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dc2f60de9a7d3efd982440117dab5579898d808c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e95d7a8a6edd14f8fab44c777dd7281db91f6ae2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e972231db29b5d1dccc13bf9d5ba55b6979a69ed", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f77990358628b01bdc03752126ff5f716ea37615", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fe8c3623ab06603eb760444a032d426542212021", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fedecaeef88899d940b69368c996e8b3b0b8650d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Check start of empty przs during init\n\nAfter commit 30696378f68a (\"pstore/ram: Do not treat empty buffers as\nvalid\"), initialization would assume a prz was valid after seeing that\nthe buffer_size is zero (regardless of the buffer start position). This\nunchecked start value means it could be outside the bounds of the buffer,\nleading to future access panics when written to:\n\n sysdump_panic_event+0x3b4/0x5b8\n atomic_notifier_call_chain+0x54/0x90\n panic+0x1c8/0x42c\n die+0x29c/0x2a8\n die_kernel_fault+0x68/0x78\n __do_kernel_fault+0x1c4/0x1e0\n do_bad_area+0x40/0x100\n do_translation_fault+0x68/0x80\n do_mem_abort+0x68/0xf8\n el1_da+0x1c/0xc0\n __raw_writeb+0x38/0x174\n __memcpy_toio+0x40/0xac\n persistent_ram_update+0x44/0x12c\n persistent_ram_write+0x1a8/0x1b8\n ramoops_pstore_write+0x198/0x1e8\n pstore_console_write+0x94/0xe0\n ...\n\nTo avoid this, also check if the prz start is 0 during the initialization\nphase. If not, the next prz sanity check case will discover it (start >\nsize) and zap the buffer back to a sane state.\n\n[kees: update commit log with backtrace and clarifications]"}], "lastModified": "2025-09-17T14:18:55.093", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}