{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53326","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-16T16:08:59.564Z","datePublished":"2025-09-16T16:12:01.464Z","dateUpdated":"2026-05-11T19:42:46.968Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:42:46.968Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc: Don't try to copy PPR for task with NULL pt_regs\n\npowerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which\nfrom my (arguably very short) checking is not commonly done for other\narchs. This is fine, except when PF_IO_WORKER's have been created and\nthe task does something that causes a coredump to be generated. Then we\nget this crash:\n\n  Kernel attempted to read user page (160) - exploit attempt? (uid: 1000)\n  BUG: Kernel NULL pointer dereference on read at 0x00000160\n  Faulting instruction address: 0xc0000000000c3a60\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=32 NUMA pSeries\n  Modules linked in: bochs drm_vram_helper drm_kms_helper xts binfmt_misc ecb ctr syscopyarea sysfillrect cbc sysimgblt drm_ttm_helper aes_generic ttm sg libaes evdev joydev virtio_balloon vmx_crypto gf128mul drm dm_mod fuse loop configfs drm_panel_orientation_quirks ip_tables x_tables autofs4 hid_generic usbhid hid xhci_pci xhci_hcd usbcore usb_common sd_mod\n  CPU: 1 PID: 1982 Comm: ppc-crash Not tainted 6.3.0-rc2+ #88\n  Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries\n  NIP:  c0000000000c3a60 LR: c000000000039944 CTR: c0000000000398e0\n  REGS: c0000000041833b0 TRAP: 0300   Not tainted  (6.3.0-rc2+)\n  MSR:  800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 88082828  XER: 200400f8\n  ...\n  NIP memcpy_power7+0x200/0x7d0\n  LR  ppr_get+0x64/0xb0\n  Call Trace:\n    ppr_get+0x40/0xb0 (unreliable)\n    __regset_get+0x180/0x1f0\n    regset_get_alloc+0x64/0x90\n    elf_core_dump+0xb98/0x1b60\n    do_coredump+0x1c34/0x24a0\n    get_signal+0x71c/0x1410\n    do_notify_resume+0x140/0x6f0\n    interrupt_exit_user_prepare_main+0x29c/0x320\n    interrupt_exit_user_prepare+0x6c/0xa0\n    interrupt_return_srr_user+0x8/0x138\n\nBecause ppr_get() is trying to copy from a PF_IO_WORKER with a NULL\npt_regs.\n\nCheck for a valid pt_regs in both ppc_get/ppr_set, and return an error\nif not set. The actual error value doesn't seem to be important here, so\njust pick -EINVAL.\n\n[mpe: Trim oops in change log, add Fixes & Cc stable]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/powerpc/kernel/ptrace/ptrace-view.c"],"versions":[{"version":"fa439810cc1b3c927ec24ede17d02467e1b143a1","lessThan":"80a4200d51e5a7e046f4a90f5faa5bafd5a60c58","status":"affected","versionType":"git"},{"version":"fa439810cc1b3c927ec24ede17d02467e1b143a1","lessThan":"7624973bc15b76d000e8e6f9b8080fcb76d36595","status":"affected","versionType":"git"},{"version":"fa439810cc1b3c927ec24ede17d02467e1b143a1","lessThan":"064a1c7b0f8403260d77627e62424a72ca26cee2","status":"affected","versionType":"git"},{"version":"fa439810cc1b3c927ec24ede17d02467e1b143a1","lessThan":"01849382373b867ddcbe7536b9dfa89f3bcea60e","status":"affected","versionType":"git"},{"version":"fa439810cc1b3c927ec24ede17d02467e1b143a1","lessThan":"fd7276189450110ed835eb0a334e62d2f1c4e3be","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/powerpc/kernel/ptrace/ptrace-view.c"],"versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","status":"unaffected","versionType":"semver"},{"version":"5.10.177","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.106","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.23","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.10","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.177"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.15.106"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.1.23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.2.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/80a4200d51e5a7e046f4a90f5faa5bafd5a60c58"},{"url":"https://git.kernel.org/stable/c/7624973bc15b76d000e8e6f9b8080fcb76d36595"},{"url":"https://git.kernel.org/stable/c/064a1c7b0f8403260d77627e62424a72ca26cee2"},{"url":"https://git.kernel.org/stable/c/01849382373b867ddcbe7536b9dfa89f3bcea60e"},{"url":"https://git.kernel.org/stable/c/fd7276189450110ed835eb0a334e62d2f1c4e3be"}],"title":"powerpc: Don't try to copy PPR for task with NULL pt_regs","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53326","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:28:49.760555Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:32:59.132Z"}}]}}