Login Sign Up

CVE-2023-52669

7.8 HIGH

📋 TL;DR

This CVE describes a buffer overread vulnerability in the Linux kernel's s390 AES CTR mode implementation. When processing the final block of data, the code reads a full block regardless of remaining data length, potentially exposing sensitive information. This affects Linux systems using s390 architecture with AES-CTR encryption.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE description; check kernel commit history for exact ranges
Operating Systems: Linux distributions running on s390/s390x architecture
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using s390 architecture with AES-CTR mode encryption. x86, ARM, and other architectures are not affected.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of kernel memory contents, potentially exposing encryption keys, passwords, or other sensitive data from adjacent memory regions.

🟠

Likely Case

Limited information leak of kernel memory, potentially exposing some system information but not full control.

🟢

If Mitigated

No impact if systems are patched or don't use affected s390 AES-CTR implementation.

🌐 Internet-Facing: LOW - Requires local access to trigger the vulnerability through cryptographic operations.
🏢 Internal Only: MEDIUM - Local users or processes could potentially exploit this to read kernel memory.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger AES-CTR operations on s390 systems. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: a7f580cdb42ec3d53bbb7c4e4335a98423703285, cd51e26a3b89706beec64f2d8296cfb1c34e0c79, d07f951903fa9922c375b8ab1ce81b18a0034e3b, d68ac38895e84446848b7647ab9458d54cacba3e, dbc9a791a70ea47be9f2acf251700fe254a2ab23

Vendor Advisory: https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable s390 AES-CTR module

linux

Prevent loading of vulnerable cryptographic module

echo 'blacklist aes_s390' >> /etc/modprobe.d/blacklist.conf
rmmod aes_s390

🧯 If You Can't Patch

  • Restrict local user access to s390 systems
  • Monitor for unusual cryptographic operations or memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check if running on s390 architecture and using AES-CTR: 'uname -m' and check kernel version against patched commits

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits: 'uname -r' and check with distribution vendor

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to crypto operations
  • Unexpected memory access patterns in kernel logs

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

source="kernel" AND ("crypto" OR "aes" OR "s390") AND ("panic" OR "oops" OR "BUG")

📊 Metadata

CVE ID: CVE-2023-52669
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: May 17, 2024
Last Updated: December 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52669, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)