LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53543: vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointer in info->attrs before entering into each handler in vdpa_nl_ops. That is to say, the missing part in vdpa_nl_policy may lead to illegal nlattr after parsing, which could lead to OOB read just like CVE-2023-3773. This patch adds the missing nla_policy for vdpa max vqp attr to avoid such bugs.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's Takeunknown

Analyst readout for executives and security teams

Plain-English summary

CVE-2023-53543 is a Linux kernel validation bug in the vDPA netlink policy. A missing attribute length policy could allow malformed netlink input to produce invalid attributes and cause an out-of-bounds read. The public record does not provide CVSS, confirmed exploitation, or detailed impact beyond that memory-read risk.

Executive priority

Treat this as a kernel maintenance priority, with higher urgency for virtualization and networking infrastructure using vDPA. The business risk is uncertain because public severity and exploitation evidence are incomplete, but kernel memory-safety issues should not be left unmanaged.

Technical view

The issue is in vdpa_nl_policy validation for vDPA netlink attributes. The missing policy entry for the max VQP attribute meant parsed nlattr pointers could be invalid before vdpa_nl_ops handlers processed them, creating an out-of-bounds read condition similar to CVE-2023-3773. Stable kernel commits add the missing nla_policy entry.

Likely exposure

Exposure is most relevant to Linux systems running affected kernel versions where vDPA functionality and its netlink interface are present. The source bundle does not state whether exploitation requires local access, specific privileges, or particular vDPA device configuration.

Exploitation context

CISA KEV status is false in the bundle, and no cited source confirms active exploitation. The available evidence describes a kernel out-of-bounds read prevention fix, not weaponized exploitation, exploit reliability, or attacker prerequisites.

Researcher notes

The record identifies missing nlattr policy validation for the max VQP attribute and potential OOB read. Public data does not include CVSS, CWE, exploit status, or privilege requirements. Review the stable commits and downstream advisories before assigning operational severity.

Mitigation direction

  • Apply Linux kernel updates containing the referenced stable fixes.
  • Prioritize virtualization or networking hosts using vDPA capabilities.
  • Check distribution vendor advisories for backported fixed kernel packages.
  • Avoid assuming source version strings map directly to distro package exposure.

Validation and detection

  • Inventory Linux kernel versions across servers and appliances.
  • Identify systems with vDPA kernel support or related virtualization networking use.
  • Compare installed kernels with vendor fixed package advisories.
  • Confirm referenced stable commits are present in custom kernels.
Prepared
Confidence
medium
Sources
6

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53543 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
5Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux447092100c7e71aa20469a270fcee441d807ed58, ad69dd0bf26b88ec6ab26f8bbe5cd74fbed7672a, ad69dd0bf26b88ec6ab26f8bbe5cd74fbed7672a, ad69dd0bf26b88ec6ab26f8bbe5cd74fbed7672a, 5.15.198unaffected
LinuxLinux5.16, 0, 5.15.209, 6.1.47, 6.4.12, 6.5affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.