VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2023-53782

CVE-2023-53782

Description

In the Linux kernel, the following vulnerability has been resolved:

dccp: Fix out of bounds access in DCCP error handler

There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only want to access the first 8 bytes of the DCCP header. Actually, they also look at the DCCP sequence number, which is stored beyond 8 bytes, so an explicit pskb_may_pull() is required.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Fixed an out-of-bounds access in the Linux kernel DCCP error handler by ensuring the sequence number is fully pulled before access.

Vulnerability

An out-of-bounds access was discovered in the DCCP error handler in the Linux kernel. A previous incomplete fix assumed only the first 8 bytes of the DCCP header were needed, but the error handler also accesses the DCCP sequence number, which is stored beyond 8 bytes. This missing pskb_may_pull() call can cause the handler to read beyond the allocated skb data [1][2][3][4].

Exploitation

An attacker can send a specially crafted DCCP packet that triggers the error handler with an insufficiently pulled header. No special privileges are required if the system has a DCCP socket available. This attack vector is network-based and can be delivered over a DCCP connection.

Impact

A successful out-of-bounds read can lead to information disclosure (leaking kernel memory) or a denial of service (kernel crash). The severity is moderate, as it requires specific packet crafting and may be mitigated by network filtering.

Mitigation

The fix has been backported to stable kernel branches in commits [1], [2], [3], [4]. Users should update to the latest kernel versions to close the vulnerability.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!
  4. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

9
3533e1027255
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
177212bf6dc1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
7a7dd70cb954
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
4b8a938e329a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
6ecf09699eb1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
f8a7f10a1dcc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
d8171411a661
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
ec620c34f5fa
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
977ad86c2a1b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9

News mentions

0

No linked articles in our index yet.