{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53165", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-15T13:59:19.063Z", "datePublished": "2025-09-15T14:03:53.987Z", "dateUpdated": "2025-10-29T10:50:22.490Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-29T10:50:22.490Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix uninitialized array access for some pathnames\n\nFor filenames that begin with . and are between 2 and 5 characters long,\nUDF charset conversion code would read uninitialized memory in the\noutput buffer. The only practical impact is that the name may be prepended a\n\"unification hash\" when it is not actually needed but still it is good\nto fix this."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/udf/unicode.c"], "versions": [{"version": "484a10f49387e4386bf2708532e75bf78ffea2cb", "lessThan": "008ae78d1e12efa904dc819b1ec83e2bca6b2c56", "status": "affected", "versionType": "git"}, {"version": "484a10f49387e4386bf2708532e75bf78ffea2cb", "lessThan": "b37f998d357102e8eb0f8eeb33f03fff22e49cbf", "status": "affected", "versionType": "git"}, {"version": "484a10f49387e4386bf2708532e75bf78ffea2cb", "lessThan": "3f1368af47acf4d0b2a5fb0d2c0d6919d2234b6d", "status": "affected", "versionType": "git"}, {"version": "484a10f49387e4386bf2708532e75bf78ffea2cb", "lessThan": "4503f6fc95d6dee85fb2c54785848799e192c51c", "status": "affected", "versionType": "git"}, {"version": "484a10f49387e4386bf2708532e75bf78ffea2cb", "lessThan": "985f9666698960dfc87a106d6314203fa90fda75", "status": "affected", "versionType": "git"}, {"version": "484a10f49387e4386bf2708532e75bf78ffea2cb", "lessThan": "a6824149809395dfbb5bc36bc7057cc3cb84e56d", "status": "affected", "versionType": "git"}, {"version": "484a10f49387e4386bf2708532e75bf78ffea2cb", "lessThan": "4d50988da0db167aed6f38685145cb5cd526c4f8", "status": "affected", "versionType": "git"}, {"version": "484a10f49387e4386bf2708532e75bf78ffea2cb", "lessThan": "028f6055c912588e6f72722d89c30b401bbcf013", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/udf/unicode.c"], "versions": [{"version": "4.6", "status": "affected"}, {"version": "0", "lessThan": "4.6", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.324", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.293", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.255", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.192", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.123", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.42", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.7", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "4.14.324"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "4.19.293"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "5.4.255"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "5.10.192"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "5.15.123"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.1.42"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.4.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/008ae78d1e12efa904dc819b1ec83e2bca6b2c56"}, {"url": "https://git.kernel.org/stable/c/b37f998d357102e8eb0f8eeb33f03fff22e49cbf"}, {"url": "https://git.kernel.org/stable/c/3f1368af47acf4d0b2a5fb0d2c0d6919d2234b6d"}, {"url": "https://git.kernel.org/stable/c/4503f6fc95d6dee85fb2c54785848799e192c51c"}, {"url": "https://git.kernel.org/stable/c/985f9666698960dfc87a106d6314203fa90fda75"}, {"url": "https://git.kernel.org/stable/c/a6824149809395dfbb5bc36bc7057cc3cb84e56d"}, {"url": "https://git.kernel.org/stable/c/4d50988da0db167aed6f38685145cb5cd526c4f8"}, {"url": "https://git.kernel.org/stable/c/028f6055c912588e6f72722d89c30b401bbcf013"}], "title": "udf: Fix uninitialized array access for some pathnames", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94AF6CA8-E08C-4CCA-8F8D-A37A42B78202", "versionEndExcluding": "4.14.324", "versionStartIncluding": "4.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "39603052-E341-4096-8535-38D44A60E845", "versionEndExcluding": "4.19.293", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1379E40A-2AC3-484E-929A-7F46B6C3B521", "versionEndExcluding": "5.4.255", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9396FFDC-6A0D-44B7-9368-21B456F6D4AE", "versionEndExcluding": "5.10.192", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "372C0BAA-44F5-4829-A7B0-E4924B682DA4", "versionEndExcluding": "5.15.123", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E769E6A-7EEF-4FA8-BF41-6CA1CE537361", "versionEndExcluding": "6.1.42", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "60A1A1ED-EA6C-42F6-80D3-3316DC7608C7", "versionEndExcluding": "6.4.7", "versionStartIncluding": "6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix uninitialized array access for some pathnames\n\nFor filenames that begin with . and are between 2 and 5 characters long,\nUDF charset conversion code would read uninitialized memory in the\noutput buffer. The only practical impact is that the name may be prepended a\n\"unification hash\" when it is not actually needed but still it is good\nto fix this."}], "id": "CVE-2023-53165", "lastModified": "2025-11-24T21:02:23.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-09-15T14:15:38.220", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/008ae78d1e12efa904dc819b1ec83e2bca6b2c56"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/028f6055c912588e6f72722d89c30b401bbcf013"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f1368af47acf4d0b2a5fb0d2c0d6919d2234b6d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4503f6fc95d6dee85fb2c54785848799e192c51c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4d50988da0db167aed6f38685145cb5cd526c4f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/985f9666698960dfc87a106d6314203fa90fda75"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a6824149809395dfbb5bc36bc7057cc3cb84e56d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b37f998d357102e8eb0f8eeb33f03fff22e49cbf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: udf: Fix uninitialized array access for some pathnames", "id": "2395247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395247"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2023-53165", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53165\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53165\nhttps://lore.kernel.org/linux-cve-announce/2025091553-CVE-2023-53165-a7c4@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-09-17T10:08:21.387793+00:00", "updated": "2025-09-17T10:08:21.387845+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}