2395699 – (CVE-2023-53273) CVE-2023-53273 kernel: Drivers: vmbus: Check for channel allocation before looking up relids

Bug 2395699 (CVE-2023-53273) - CVE-2023-53273 kernel: Drivers: vmbus: Check for channel allocation before looking up relids

Summary: CVE-2023-53273 kernel: Drivers: vmbus: Check for channel allocation before lo...

Keywords:
Status:	NEW
Alias:	CVE-2023-53273
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-16 09:04 UTC by OSIDB Bzimport
Modified:	2025-10-01 14:33 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-16 09:04:24 UTC

In the Linux kernel, the following vulnerability has been resolved:

Drivers: vmbus: Check for channel allocation before looking up relids

relid2channel() assumes vmbus channel array to be allocated when called.
However, in cases such as kdump/kexec, not all relids will be reset by the host.
When the second kernel boots and if the guest receives a vmbus interrupt during
vmbus driver initialization before vmbus_connect() is called, before it finishes,
or if it fails, the vmbus interrupt service routine is called which in turn calls
relid2channel() and can cause a null pointer dereference.

Print a warning and error out in relid2channel() for a channel id that's invalid
in the second kernel.

Comment 1 Keith Grant 2025-09-16 14:42:56 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091622-CVE-2023-53273-b873@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.