CVE-2023-53331 (CNNVD-202509-2330)

UNKNOWN
中文标题:
Linux kernel 安全漏洞
英文标题:
pstore/ram: Check start of empty przs during init
CVSS分数: N/A
发布时间: 2025-09-16 16:12:06
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v4
漏洞描述
中文描述:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未检查pstore/ram中空przs的起始位置,可能导致未来访问时引发崩溃。

英文描述:

In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as valid"), initialization would assume a prz was valid after seeing that the buffer_size is zero (regardless of the buffer start position). This unchecked start value means it could be outside the bounds of the buffer, leading to future access panics when written to: sysdump_panic_event+0x3b4/0x5b8 atomic_notifier_call_chain+0x54/0x90 panic+0x1c8/0x42c die+0x29c/0x2a8 die_kernel_fault+0x68/0x78 __do_kernel_fault+0x1c4/0x1e0 do_bad_area+0x40/0x100 do_translation_fault+0x68/0x80 do_mem_abort+0x68/0xf8 el1_da+0x1c/0xc0 __raw_writeb+0x38/0x174 __memcpy_toio+0x40/0xac persistent_ram_update+0x44/0x12c persistent_ram_write+0x1a8/0x1b8 ramoops_pstore_write+0x198/0x1e8 pstore_console_write+0x94/0xe0 ... To avoid this, also check if the prz start is 0 during the initialization phase. If not, the next prz sanity check case will discover it (start > size) and zap the buffer back to a sane state. [kees: update commit log with backtrace and clarifications]

CWE类型:
CWE-787
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Linux Linux ec7f99261da9a20d63cbd273511a11a2efe698f2 - - cpe:2.3:a:linux:linux:ec7f99261da9a20d63cbd273511a11a2efe698f2:*:*:*:*:*:*:*
Linux Linux f250e4c562a3bd106575032666e9ef46f31231f8 - - cpe:2.3:a:linux:linux:f250e4c562a3bd106575032666e9ef46f31231f8:*:*:*:*:*:*:*
Linux Linux fffdbf586866e9500b53c9d4b061d3983720375a - - cpe:2.3:a:linux:linux:fffdbf586866e9500b53c9d4b061d3983720375a:*:*:*:*:*:*:*
Linux Linux 9e969ba431b46b1891c88cea36f722f3bfe8a180 - - cpe:2.3:a:linux:linux:9e969ba431b46b1891c88cea36f722f3bfe8a180:*:*:*:*:*:*:*
Linux Linux 5.0 - - cpe:2.3:a:linux:linux:5.0:*:*:*:*:*:*:*
linux linux_kernel * - - cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
CVSS评分详情
暂无CVSS评分信息
时间信息
发布时间:
2025-09-16 16:12:06
修改时间:
2025-09-16 16:12:06
创建时间:
2025-11-11 15:38:49
更新时间:
2026-01-15 06:00:24
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2023-53331 2025-11-11 15:22:15 2025-11-11 07:38:49
NVD nvd_CVE-2023-53331 2025-11-11 14:59:22 2025-11-11 07:46:53
CNNVD cnnvd_CNNVD-202509-2330 2025-11-11 15:12:57 2025-11-11 08:00:11
版本与语言
当前版本: v4
主要语言: EN
支持语言:
ZH EN
安全公告
暂无安全公告信息
变更历史
v4 NVD
2026-01-12 02:26:58
affected_products_count: 5 → 6
查看详细变更
  • affected_products_count: 5 -> 6
v3 CNNVD
2025-11-11 16:00:11
vulnerability_type: 未提取 → 其他; severity: SeverityLevel.MEDIUM → SeverityLevel.UNKNOWN; cvss_score: 未提取 → 0.0; cnnvd_id: 未提取 → CNNVD-202509-2330; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
  • cvss_score: 未提取 -> 0.0
  • cnnvd_id: 未提取 -> CNNVD-202509-2330
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:46:53
data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • data_sources: ['cve'] -> ['cve', 'nvd']