SB20251001124 - Buffer overflow in Linux kernel virtio driver
Published: October 1, 2025 Updated: October 27, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2023-53515)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the virtio_mmio_release_dev() and virtio_mmio_probe() functions in drivers/virtio/virtio_mmio.c, which a local user can use to perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2dcb368fe5a8eee498ca75c93a18ce2f3b0d6a8e
- https://git.kernel.org/stable/c/3ff54d904fafabd0912796785e53cce4e69ca123
- https://git.kernel.org/stable/c/55c91fedd03d7b9cf0c5199b2eb12b9b8e95281a
- https://git.kernel.org/stable/c/5b7d5c2dd664eb8b9a06ecbc06e28d39359c422e
- https://git.kernel.org/stable/c/97a2d55ead76358245b446efd87818e919196d7a
- https://git.kernel.org/stable/c/af5818c35173e096085c6ae2e3aac605d3d15e41
- https://git.kernel.org/stable/c/b788ad3b2468512339c05f23692e36860264e674
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.255