
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-53491 was disclosed on October 1, 2025, affecting the Linux kernel. The vulnerability relates to the implementation of stack protector functionality in the start_kernel function. This security issue emerged from the need to control stack protector omission on a per-function basis, particularly affecting callers of boot_init_stack_canary (Ubuntu Security, RedHat Security).
The vulnerability stems from the implementation of the __no_stack_protector function attribute in the Linux kernel. The issue specifically affects callers of boot_init_stack_canary when they are not compiled with -fno-stack-protector. In such cases, the canary stored in the stack slot of the caller will differ upon the call to boot_init_stack_canary, leading to a call to __stack_chk_fail() and subsequently causing a system panic. The vulnerability has been assigned a CVSS v3.1 score of 7.0, indicating a moderate to high severity level (RedHat Security).
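The failure sequence described above, as an added userspace model (not kernel code and not part of the original page). Every `model_*` name and the canary value are constructed for illustration; the prologue and epilogue that the compiler would insert are written out by hand.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: every model_* name and value is constructed. */
static uintptr_t model_guard;     /* the global canary the checks compare against */
static int model_chk_fail_calls;  /* how often the modelled __stack_chk_fail() ran */

static void model_reset(void) { model_guard = 0; model_chk_fail_calls = 0; }

/* Stand-in for __stack_chk_fail(); in the kernel this path panics. */
static void model_stack_chk_fail(void) { model_chk_fail_calls++; }

/* Stand-in for boot_init_stack_canary(): installs the real canary value. */
static void model_boot_init_stack_canary(void) { model_guard = 0xC0FFEEu; }

/* Caller built with the stack protector: the prologue copies the canary
 * into a stack slot and the epilogue compares the slot with the canary. */
static int model_caller_protected(void)
{
    uintptr_t slot = model_guard;       /* prologue */
    model_boot_init_stack_canary();     /* canary changes during the call */
    if (slot != model_guard) {          /* epilogue */
        model_stack_chk_fail();
        return -1;
    }
    return 0;
}

/* Caller built with -fno-stack-protector or __no_stack_protector:
 * no slot is saved, so there is nothing to mismatch on return. */
static int model_caller_unprotected(void)
{
    model_boot_init_stack_canary();
    return 0;
}

int main(void)
{
    model_reset();
    printf("protected caller:   %d\n", model_caller_protected());
    printf("chk_fail calls:     %d\n", model_chk_fail_calls);
    model_reset();
    printf("unprotected caller: %d\n", model_caller_unprotected());
    printf("chk_fail calls:     %d\n", model_chk_fail_calls);
    return 0;
}
```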
When exploited, this vulnerability can cause system instability through kernel panics. The issue specifically affects the boot process and stack protection, potentially compromising system security by interfering with the stack canary protection mechanism (RedHat Security).
Various Linux distributions have addressed this vulnerability through updates. For instance, Ubuntu has marked several kernel versions as 'Not affected' in recent releases, while others require updates. Red Hat has identified affected versions and provided patches for Red Hat Enterprise Linux 7, 8, and 9, including both standard and RT kernel variants (Ubuntu Security, RedHat Security).
Source: This report was generated using AI