CVE-2023-53803

high

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() A fix for: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x949/0xe30 [ses] Read of size 1 at addr ffff88a1b043a451 by task systemd-udevd/3271 Checking after (and before in next loop) addl_desc_ptr[1] is sufficient, we expect the size to be sanitized before first access to addl_desc_ptr[1]. Make sure we don't walk beyond end of page.

References

https://git.kernel.org/stable/c/e4dd25da784b2e07dbfbf04509afa4c5a1375227

https://git.kernel.org/stable/c/da1a955c48a16e16e925d6544793914e52a6fa51

https://git.kernel.org/stable/c/9e5c7d52085b8c84bc82a261580f0eb170039325

https://git.kernel.org/stable/c/9b4f5028e493cb353a5c8f5c45073eeea0303abd

https://git.kernel.org/stable/c/799e8dd2022d2e13f0c5c1906b40ceca07a23349

https://git.kernel.org/stable/c/467afb1dd630d8c6d172bd6cacc125199b5f4f2d

https://git.kernel.org/stable/c/2b28a7d261cb309912596d6a2d383ca370483527

https://git.kernel.org/stable/c/0dfe68394cbe1d4fe579fb325ecc813c50528c5a

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-09

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00024