Bug 2396379 (CVE-2023-53373) - CVE-2023-53373 kernel: crypto: seqiv - Handle EBUSY correctly
Summary: CVE-2023-53373 kernel: crypto: seqiv - Handle EBUSY correctly
Keywords:
Status: NEW
Alias: CVE-2023-53373
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-18 14:01 UTC by OSIDB Bzimport
Modified: 2025-11-12 13:48 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:17760 0 None None None 2025-10-13 04:01:38 UTC
Red Hat Product Errata RHSA-2025:18297 0 None None None 2025-10-20 02:40:13 UTC
Red Hat Product Errata RHSA-2025:18298 0 None None None 2025-10-20 02:31:21 UTC
Red Hat Product Errata RHSA-2025:19104 0 None None None 2025-10-27 16:19:28 UTC
Red Hat Product Errata RHSA-2025:19268 0 None None None 2025-10-29 15:11:52 UTC
Red Hat Product Errata RHSA-2025:19492 0 None None None 2025-11-03 15:53:42 UTC
Red Hat Product Errata RHSA-2025:21051 0 None None None 2025-11-12 00:31:29 UTC
Red Hat Product Errata RHSA-2025:21063 0 None None None 2025-11-12 02:37:55 UTC
Red Hat Product Errata RHSA-2025:21082 0 None None None 2025-11-12 04:25:20 UTC
Red Hat Product Errata RHSA-2025:21083 0 None None None 2025-11-12 05:14:44 UTC
Red Hat Product Errata RHSA-2025:21084 0 None None None 2025-11-12 05:16:56 UTC
Red Hat Product Errata RHSA-2025:21112 0 None None None 2025-11-12 11:25:18 UTC
Red Hat Product Errata RHSA-2025:21128 0 None None None 2025-11-12 13:48:55 UTC

Description OSIDB Bzimport 2025-09-18 14:01:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

crypto: seqiv - Handle EBUSY correctly

As it is seqiv only handles the special return value of EINPROGERSS,
which means that in all other cases it will free data related to the
request.

However, as the caller of seqiv may specify MAY_BACKLOG, we also need
to expect EBUSY and treat it in the same way.  Otherwise backlogged
requests will trigger a use-after-free.
Comment 1 Keith Grant 2025-09-18 16:22:58 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2023-53373-087e@gregkh/T
Comment 3 errata-xmlrpc 2025-10-13 04:01:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:17760 https://access.redhat.com/errata/RHSA-2025:17760
Comment 4 errata-xmlrpc 2025-10-20 02:31:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:18298 https://access.redhat.com/errata/RHSA-2025:18298
Comment 5 errata-xmlrpc 2025-10-20 02:40:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:18297 https://access.redhat.com/errata/RHSA-2025:18297
Comment 8 errata-xmlrpc 2025-10-27 16:19:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:19104 https://access.redhat.com/errata/RHSA-2025:19104
Comment 10 errata-xmlrpc 2025-10-29 15:11:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:19268 https://access.redhat.com/errata/RHSA-2025:19268
Comment 11 errata-xmlrpc 2025-11-03 15:53:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:19492 https://access.redhat.com/errata/RHSA-2025:19492
Comment 12 errata-xmlrpc 2025-11-12 00:31:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:21051 https://access.redhat.com/errata/RHSA-2025:21051
Comment 13 errata-xmlrpc 2025-11-12 02:37:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:21063 https://access.redhat.com/errata/RHSA-2025:21063
Comment 14 errata-xmlrpc 2025-11-12 04:25:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:21082 https://access.redhat.com/errata/RHSA-2025:21082
Comment 15 errata-xmlrpc 2025-11-12 05:14:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:21083 https://access.redhat.com/errata/RHSA-2025:21083
Comment 16 errata-xmlrpc 2025-11-12 05:16:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:21084 https://access.redhat.com/errata/RHSA-2025:21084
Comment 17 errata-xmlrpc 2025-11-12 11:25:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21112 https://access.redhat.com/errata/RHSA-2025:21112
Comment 18 errata-xmlrpc 2025-11-12 13:48:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:21128 https://access.redhat.com/errata/RHSA-2025:21128
Note You need to log in before you can comment on or make changes to this bug.