CVE ID : CVE-2023-53686<\/p>\n
Published : Oct. 7, 2025, 4:15 p.m. | 19\u00a0minutes ago<\/p>\n
Description : In the Linux kernel, the following vulnerability has been resolved:<\/p>\n
net\/handshake: fix null-ptr-deref in handshake_nl_done_doit()<\/p>\n
We should not call trace_handshake_cmd_done_err() if socket lookup has failed.<\/p>\n
Also we should call trace_handshake_cmd_done_err() before releasing the file,
\notherwise dereferencing sock->sk can return garbage.<\/p>\n
This also reverts 7afc6d0a107f (“net\/handshake: Fix uninitialized local variable”)<\/p>\n
Unable to handle kernel paging request at virtual address dfff800000000003
\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:
\nESR = 0x0000000096000005
\nEC = 0x25: DABT (current EL), IL = 32 bits
\nSET = 0, FnV = 0
\nEA = 0, S1PTW = 0
\nFSC = 0x05: level 1 translation fault
\nData abort info:
\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0
\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
\n[dfff800000000003] address between user and kernel address ranges
\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP
\nModules linked in:
\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0
\nHardware name: Google Google Compute Engine\/Google Compute Engine, BIOS Google 07\/26\/2023
\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=–)
\npc : handshake_nl_done_doit+0x198\/0x9c8 net\/handshake\/netlink.c:193
\nlr : handshake_nl_done_doit+0x180\/0x9c8
\nsp : ffff800096e37180
\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000
\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8
\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000
\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000
\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001
\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000
\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003
\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000
\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078
\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000
\nCall trace:
\nhandshake_nl_done_doit+0x198\/0x9c8 net\/handshake\/netlink.c:193
\ngenl_family_rcv_msg_doit net\/netlink\/genetlink.c:970 [inline]\ngenl_family_rcv_msg net\/netlink\/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c\/0xc50 net\/netlink\/genetlink.c:1067
\nnetlink_rcv_skb+0x214\/0x3c4 net\/netlink\/af_netlink.c:2549
\ngenl_rcv+0x38\/0x50 net\/netlink\/genetlink.c:1078
\nnetlink_unicast_kernel net\/netlink\/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660\/0x8d4 net\/netlink\/af_netlink.c:1365
\nnetlink_sendmsg+0x834\/0xb18 net\/netlink\/af_netlink.c:1914
\nsock_sendmsg_nosec net\/socket.c:725 [inline]\nsock_sendmsg net\/socket.c:748 [inline]\n____sys_sendmsg+0x56c\/0x840 net\/socket.c:2494
\n___sys_sendmsg net\/socket.c:2548 [inline]\n__sys_sendmsg+0x26c\/0x33c net\/socket.c:2577
\n__do_sys_sendmsg net\/socket.c:2586 [inline]\n__se_sys_sendmsg net\/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80\/0x94 net\/socket.c:2584
\n__invoke_syscall arch\/arm64\/kernel\/syscall.c:37 [inline]\ninvoke_syscall+0x98\/0x2b8 arch\/arm64\/kernel\/syscall.c:51
\nel0_svc_common+0x130\/0x23c arch\/arm64\/kernel\/syscall.c:136
\ndo_el0_svc+0x48\/0x58 arch\/arm64\/kernel\/syscall.c:155
\nel0_svc+0x58\/0x16c arch\/arm64\/kernel\/entry-common.c:678
\nel0t_64_sync_handler+0x84\/0xfc arch\/arm64\/kernel\/entry-common.c:696
\nel0t_64_sync+0x190\/0x194 arch\/arm64\/kernel\/entry.S:591
\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)<\/p>\n
Severity: 0.0 | NA<\/p>\n
Visit the link for more details, such as CVSS details, affected products, timeline, and more…\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"
CVE ID : CVE-2023-53686 Published : Oct. 7, 2025, 4:15 p.m. | 19\u00a0minutes ago Description : In the Linux kernel, the following vulnerability has been resolved: net\/handshake: fix null-ptr-deref in handshake_nl_done_doit() We should not call trace_handshake_cmd_done_err() if socket lookup has failed. Also we should call trace_handshake_cmd_done_err() before releasing the file, otherwise dereferencing sock->sk can return …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-71115","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71115","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=71115"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71115\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=71115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=71115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=71115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}