cvelistv5 - cve-2023-53805

CVE-2023-53805 (GCVE-0-2023-53805)

Vulnerability from cvelistv5 – Published: 2025-12-09 00:01 – Updated: 2025-12-09 07:14

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-12-09T07:14:14.898Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53805",
    "datePublished": "2025-12-09T00:01:03.422Z",
    "dateRejected": "2025-12-09T07:14:14.898Z",
    "dateReserved": "2025-12-08T23:58:35.276Z",
    "dateUpdated": "2025-12-09T07:14:14.898Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-53805\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-09T01:16:52.407\",\"lastModified\":\"2025-12-09T16:17:20.660\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.\"}],\"metrics\":{},\"references\":[]}}"
  }
}

FKIE_CVE-2023-53805

Vulnerability from fkie_nvd - Published: 2025-12-09 01:16 - Updated: 2025-12-09 16:17

Severity ?

Summary

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
    }
  ],
  "id": "CVE-2023-53805",
  "lastModified": "2025-12-09T16:17:20.660",
  "metrics": {},
  "published": "2025-12-09T01:16:52.407",
  "references": [],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Rejected"
}

GHSA-8GP2-JJMR-PF9F

Vulnerability from github – Published: 2025-12-09 03:31 – Updated: 2025-12-09 03:31

Details

In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: fix UAF in gsm_cleanup_mux

In gsm_cleanup_mux() the 'gsm->dlci' pointer was not cleaned properly, leaving it a dangling pointer after gsm_dlci_release. This leads to use-after-free where 'gsm->dlci[0]' are freed and accessed by the subsequent gsm_cleanup_mux().

Such is the case in the following call trace:

__dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 print_address_description+0x63/0x3b0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:434 [inline] kasan_report+0x16b/0x1c0 mm/kasan/report.c:451 gsm_cleanup_mux+0x76a/0x850 drivers/tty/n_gsm.c:2397 gsm_config drivers/tty/n_gsm.c:2653 [inline] gsmld_ioctl+0xaae/0x15b0 drivers/tty/n_gsm.c:2986 tty_ioctl+0x8ff/0xc50 drivers/tty/tty_io.c:2816 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb

Allocated by task 3501: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] _kasankmalloc+0xba/0xf0 mm/kasan/common.c:513 kasan_kmalloc include/linux/kasan.h:264 [inline] kmem_cache_alloc_trace+0x143/0x290 mm/slub.c:3247 kmalloc include/linux/slab.h:591 [inline] kzalloc include/linux/slab.h:721 [inline] gsm_dlci_alloc+0x53/0x3a0 drivers/tty/n_gsm.c:1932 gsm_activate_mux+0x1c/0x330 drivers/tty/n_gsm.c:2438 gsm_config drivers/tty/n_gsm.c:2677 [inline] gsmld_ioctl+0xd46/0x15b0 drivers/tty/n_gsm.c:2986 tty_ioctl+0x8ff/0xc50 drivers/tty/tty_io.c:2816 vfs_ioctl fs/ioctl.c:51 [inline] do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb

Freed by task 3501: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4b/0x80 mm/kasan/common.c:46 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360 _kasanslab_free+0xd8/0x120 mm/kasan/common.c:366 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1705 [inline] slab_free_freelist_hook+0xdd/0x160 mm/slub.c:1731 slab_free mm/slub.c:3499 [inline] kfree+0xf1/0x270 mm/slub.c:4559 dlci_put drivers/tty/n_gsm.c:1988 [inline] gsm_dlci_release drivers/tty/n_gsm.c:2021 [inline] gsm_cleanup_mux+0x574/0x850 drivers/tty/n_gsm.c:2415 gsm_config drivers/tty/n_gsm.c:2653 [inline] gsmld_ioctl+0xaae/0x15b0 drivers/tty/n_gsm.c:2986 tty_ioctl+0x8ff/0xc50 drivers/tty/tty_io.c:2816 vfs_ioctl fs/ioctl.c:51 [inline] do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-53805"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-09T01:16:52Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix UAF in gsm_cleanup_mux\n\nIn gsm_cleanup_mux() the \u0027gsm-\u003edlci\u0027 pointer was not cleaned properly,\nleaving it a dangling pointer after gsm_dlci_release.\nThis leads to use-after-free where \u0027gsm-\u003edlci[0]\u0027 are freed and accessed\nby the subsequent gsm_cleanup_mux().\n\nSuch is the case in the following call trace:\n\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n print_address_description+0x63/0x3b0 mm/kasan/report.c:248\n __kasan_report mm/kasan/report.c:434 [inline]\n kasan_report+0x16b/0x1c0 mm/kasan/report.c:451\n gsm_cleanup_mux+0x76a/0x850 drivers/tty/n_gsm.c:2397\n gsm_config drivers/tty/n_gsm.c:2653 [inline]\n gsmld_ioctl+0xaae/0x15b0 drivers/tty/n_gsm.c:2986\n tty_ioctl+0x8ff/0xc50 drivers/tty/tty_io.c:2816\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\n \u003c/TASK\u003e\n\nAllocated by task 3501:\n kasan_save_stack mm/kasan/common.c:38 [inline]\n kasan_set_track mm/kasan/common.c:46 [inline]\n set_alloc_info mm/kasan/common.c:434 [inline]\n ____kasan_kmalloc+0xba/0xf0 mm/kasan/common.c:513\n kasan_kmalloc include/linux/kasan.h:264 [inline]\n kmem_cache_alloc_trace+0x143/0x290 mm/slub.c:3247\n kmalloc include/linux/slab.h:591 [inline]\n kzalloc include/linux/slab.h:721 [inline]\n gsm_dlci_alloc+0x53/0x3a0 drivers/tty/n_gsm.c:1932\n gsm_activate_mux+0x1c/0x330 drivers/tty/n_gsm.c:2438\n gsm_config drivers/tty/n_gsm.c:2677 [inline]\n gsmld_ioctl+0xd46/0x15b0 drivers/tty/n_gsm.c:2986\n tty_ioctl+0x8ff/0xc50 drivers/tty/tty_io.c:2816\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\n\nFreed by task 3501:\n kasan_save_stack mm/kasan/common.c:38 [inline]\n kasan_set_track+0x4b/0x80 mm/kasan/common.c:46\n kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360\n ____kasan_slab_free+0xd8/0x120 mm/kasan/common.c:366\n kasan_slab_free include/linux/kasan.h:230 [inline]\n slab_free_hook mm/slub.c:1705 [inline]\n slab_free_freelist_hook+0xdd/0x160 mm/slub.c:1731\n slab_free mm/slub.c:3499 [inline]\n kfree+0xf1/0x270 mm/slub.c:4559\n dlci_put drivers/tty/n_gsm.c:1988 [inline]\n gsm_dlci_release drivers/tty/n_gsm.c:2021 [inline]\n gsm_cleanup_mux+0x574/0x850 drivers/tty/n_gsm.c:2415\n gsm_config drivers/tty/n_gsm.c:2653 [inline]\n gsmld_ioctl+0xaae/0x15b0 drivers/tty/n_gsm.c:2986\n tty_ioctl+0x8ff/0xc50 drivers/tty/tty_io.c:2816\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x61/0xcb",
  "id": "GHSA-8gp2-jjmr-pf9f",
  "modified": "2025-12-09T03:31:11Z",
  "published": "2025-12-09T03:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53805"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5138c228311a863c3cf937b94a3ab4c87f1f70c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74a8d6f50cc90ed0061997db51dfa81a62b0f835"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8fc0eabaa73bbd9bd705577071564616da5c8c61"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9615ca54bc138e35353a001e8b5d4824dce72188"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b9c8195f3f0d74a826077fc1c01b9ee74907239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-53805 (GCVE-0-2023-53805)

FKIE_CVE-2023-53805

GHSA-8GP2-JJMR-PF9F

Tags

Sightings

Nomenclature