CVE-2023-53543: vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
In the Linux kernel, the following vulnerability has been resolved:
vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
The vdpa_nl_policy structure is used to validate the nlattr when parsing
the incoming nlmsg. It will ensure the attribute being described produces
a valid nlattr pointer in info->attrs before entering into each handler
in vdpa_nl_ops.
That is to say, the missing part in vdpa_nl_policy may lead to illegal
nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.
This patch adds the missing nla_policy for vdpa max vqp attr to avoid
such bugs.
CVE-2023-53543 is a Linux kernel validation bug in the vDPA netlink policy. A missing attribute length policy could allow malformed netlink input to produce invalid attributes and cause an out-of-bounds read. The public record does not provide CVSS, confirmed exploitation, or detailed impact beyond that memory-read risk.
Executive priority
Treat this as a kernel maintenance priority, with higher urgency for virtualization and networking infrastructure using vDPA. The business risk is uncertain because public severity and exploitation evidence are incomplete, but kernel memory-safety issues should not be left unmanaged.
Technical view
The issue is in vdpa_nl_policy validation for vDPA netlink attributes. The missing policy entry for the max VQP attribute meant parsed nlattr pointers could be invalid before vdpa_nl_ops handlers processed them, creating an out-of-bounds read condition similar to CVE-2023-3773. Stable kernel commits add the missing nla_policy entry.
Likely exposure
Exposure is most relevant to Linux systems running affected kernel versions where vDPA functionality and its netlink interface are present. The source bundle does not state whether exploitation requires local access, specific privileges, or particular vDPA device configuration.
Exploitation context
CISA KEV status is false in the bundle, and no cited source confirms active exploitation. The available evidence describes a kernel out-of-bounds read prevention fix, not weaponized exploitation, exploit reliability, or attacker prerequisites.
Researcher notes
The record identifies missing nlattr policy validation for the max VQP attribute and potential OOB read. Public data does not include CVSS, CWE, exploit status, or privilege requirements. Review the stable commits and downstream advisories before assigning operational severity.
Mitigation direction
Apply Linux kernel updates containing the referenced stable fixes.
Prioritize virtualization or networking hosts using vDPA capabilities.
Check distribution vendor advisories for backported fixed kernel packages.
Avoid assuming source version strings map directly to distro package exposure.
Validation and detection
Inventory Linux kernel versions across servers and appliances.
Identify systems with vDPA kernel support or related virtualization networking use.
Compare installed kernels with vendor fixed package advisories.
Confirm referenced stable commits are present in custom kernels.
Based on public source material and reviewed before publication.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-53543 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
5Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Oct 4, 2025, 15:16 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.