Vulnerability DatabaseCVE-2025-23153

CVE-2025-23153:
Linux Ubuntu vulnerability analysis and mitigation

Overview

CVE-2025-23153 is a vulnerability discovered in the Linux kernel's arm/crc-t10dif component, specifically affecting the crc_t10dif_arch() function. The vulnerability was disclosed on May 1, 2025, and involves the improper use of an array outside its defined scope (NVD, Wiz).

Technical details

The vulnerability stems from an implementation flaw in the crct10dif_arch() function within the Linux kernel's arm/crc-t10dif component. The issue has been characterized as a 'silly bug' where an array is accessed beyond its defined scope. The vulnerability has received a CVSS v3.1 base score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

Impact

The vulnerability can potentially lead to memory corruption or system instability in affected Linux kernel implementations. The impact is primarily focused on availability, as indicated by the CVSS scoring which shows no impact on confidentiality or integrity but a high impact on availability (Red Hat, Wiz).

Mitigation and workarounds

The vulnerability has been resolved in the Linux kernel through patches available in the kernel's source code management system. Ubuntu has marked this as a medium priority issue and is working on updates for affected systems, particularly for Ubuntu 25.04 plucky release (Ubuntu).

Additional resources

Source: This report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-21441	HIGH	8.9	Python	rhel8::nginx-124	No	Yes	Jan 07, 2026
CVE-2025-13151	HIGH	7.5	Linux Debian	libtasn1-6	No	Yes	Jan 07, 2026
CVE-2025-68766	HIGH	7.1	Linux Debian	linux-azure-fde	No	Yes	Jan 05, 2026
CVE-2025-68765	MEDIUM	5.5	Linux Debian	linux-azure-fde-6.8	No	Yes	Jan 05, 2026
CVE-2025-68764	MEDIUM	5.5	Linux Kernel	linux-oracle-6.8	No	Yes	Jan 05, 2026