FKIE_CVE-2023-53782
Vulnerability from fkie_nvd - Published: 2025-12-09 01:16 - Updated: 2026-06-17 06:46
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved:
dccp: Fix out of bounds access in DCCP error handler
There was a previous attempt to fix an out-of-bounds access in the DCCP
error handlers, but that fix assumed that the error handlers only want
to access the first 8 bytes of the DCCP header. Actually, they also look
at the DCCP sequence number, which is stored beyond 8 bytes, so an
explicit pskb_may_pull() is required.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/dccp/ipv4.c",
"net/dccp/ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3533e10272555c422a7d51ebc0ce8c483429f7f2",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"lessThan": "177212bf6dc1ff2d13d0409cddc5c9e81feec63d",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"lessThan": "7a7dd70cb954d3efa706a429687ded88c02496fa",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"lessThan": "4b8a938e329ae4eb54b73b0c87b5170607b038a8",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"lessThan": "6ecf09699eb1554299aa1e7fd13e9e80f656c2f9",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"lessThan": "f8a7f10a1dccf9868ff09342a73dce27501b86df",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"lessThan": "d8171411a661253e6271fa10b65b46daf1b6471c",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"lessThan": "ec620c34f5fa5d055f9f6136a387755db6157712",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"lessThan": "977ad86c2a1bcaf58f01ab98df5cc145083c489c",
"status": "affected",
"version": "6706a97fec963d6cb3f7fc2978ec1427b4651214",
"versionType": "git"
},
{
"status": "affected",
"version": "96106a207ae972d8f9e4815e84c159f29e4bbee7",
"versionType": "git"
},
{
"status": "affected",
"version": "261def571d19d3b4e2228643c5c0ac89f5e10d15",
"versionType": "git"
},
{
"status": "affected",
"version": "dbf1719c65fb0368a94d15767c669e47e295a073",
"versionType": "git"
},
{
"status": "affected",
"version": "46b1ffd4738a3ee04b2e8f5a4b8cfc39e9c722a2",
"versionType": "git"
},
{
"status": "affected",
"version": "a2df29ed840f90e459a3f8ff029b216be3912731",
"versionType": "git"
},
{
"status": "affected",
"version": "ba93cf7d2118774c0b2dcfccc8ae999427815caa",
"versionType": "git"
},
{
"status": "affected",
"version": "4ca7e66fcce02459fa6961979f9fe30ae1098cf0",
"versionType": "git"
},
{
"status": "affected",
"version": "bd380617d5d161ea2bbe7a8073b3ca7bca0381e5",
"versionType": "git"
},
{
"status": "affected",
"version": "bfe7d1dee859cad6802f8e21a0a863f408114612",
"versionType": "git"
},
{
"status": "affected",
"version": "968953df833c61fce5adcc0612efeaced24e5719",
"versionType": "git"
},
{
"status": "affected",
"version": "99131760a8851e6e5b2c9b24d0a68a3068923a08",
"versionType": "git"
},
{
"status": "affected",
"version": "84d9c612bb7a9e44c6bf286bedfbe72a6d2d71d4",
"versionType": "git"
},
{
"lessThan": "3.3",
"status": "affected",
"version": "3.2.87",
"versionType": "semver"
},
{
"lessThan": "3.11",
"status": "affected",
"version": "3.10.105",
"versionType": "semver"
},
{
"lessThan": "3.13",
"status": "affected",
"version": "3.12.68",
"versionType": "semver"
},
{
"lessThan": "3.17",
"status": "affected",
"version": "3.16.42",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.34",
"versionType": "semver"
},
{
"lessThan": "4.9",
"status": "affected",
"version": "4.8.10",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/dccp/ipv4.c",
"net/dccp/ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.326",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.295",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.257",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.195",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.132",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.*",
"status": "unaffected",
"version": "6.4.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix out of bounds access in DCCP error handler\n\nThere was a previous attempt to fix an out-of-bounds access in the DCCP\nerror handlers, but that fix assumed that the error handlers only want\nto access the first 8 bytes of the DCCP header. Actually, they also look\nat the DCCP sequence number, which is stored beyond 8 bytes, so an\nexplicit pskb_may_pull() is required."
}
],
"id": "CVE-2023-53782",
"lastModified": "2026-06-17T06:46:03.850",
"metrics": {},
"published": "2025-12-09T01:16:49.407",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/177212bf6dc1ff2d13d0409cddc5c9e81feec63d"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/3533e10272555c422a7d51ebc0ce8c483429f7f2"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/4b8a938e329ae4eb54b73b0c87b5170607b038a8"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/6ecf09699eb1554299aa1e7fd13e9e80f656c2f9"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/7a7dd70cb954d3efa706a429687ded88c02496fa"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/977ad86c2a1bcaf58f01ab98df5cc145083c489c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/d8171411a661253e6271fa10b65b46daf1b6471c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/ec620c34f5fa5d055f9f6136a387755db6157712"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/f8a7f10a1dccf9868ff09342a73dce27501b86df"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Deferred"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…