Login Sign Up

CVE-2023-53125

5.5 MEDIUM

📋 TL;DR

A memory leak vulnerability in the Linux kernel's smsc75xx USB Ethernet driver allows kernel memory contents to be exposed when processing network packets. This affects Linux systems using the smsc75xx driver for USB Ethernet adapters. Attackers could potentially read sensitive kernel memory data.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using smsc75xx USB Ethernet drivers; most servers and desktops without specific USB Ethernet adapters are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of kernel memory contents, potentially exposing sensitive data like encryption keys, passwords, or other system information to attackers.

🟠

Likely Case

Limited information disclosure of kernel memory fragments, potentially causing system instability or crashes in affected network interfaces.

🟢

If Mitigated

No impact if patched or if smsc75xx driver is not in use.

🌐 Internet-Facing: MEDIUM - Requires network access to the affected interface, but exploitation is complex and requires specific conditions.
🏢 Internal Only: LOW - Requires local network access and specific USB Ethernet hardware; most internal systems won't be affected.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires network access to the affected USB Ethernet interface and ability to send specially crafted packets; no public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 105db6574281e1e03fcbf87983f4fee111682306, 4a4de0a68b18485c68ab4f0cfa665b1633c6d277, 53966d572d056d6b234cfe76a5f9d60049d3c178, 8ee5df9c039e37b9d8eb5e3de08bfb7f53d31cb6, 9fabdd79051a9fe51388df099aff6e4b660fedd2

Vendor Advisory: https://git.kernel.org/stable/c/105db6574281e1e03fcbf87983f4fee111682306

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable smsc75xx module

linux

Prevent loading of vulnerable driver if not needed

echo 'blacklist smsc75xx' >> /etc/modprobe.d/blacklist.conf
rmmod smsc75xx

Network segmentation

all

Isolate systems using smsc75xx USB Ethernet adapters

🧯 If You Can't Patch

  • Disconnect or avoid using smsc75xx USB Ethernet adapters
  • Implement strict network access controls to limit traffic to affected interfaces

🔍 How to Verify

Check if Vulnerable:

Check if smsc75xx module is loaded: lsmod | grep smsc75xx AND check kernel version against patched versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and smsc75xx module loads without errors

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops or crash logs related to smsc75xx driver
  • Network interface errors on USB Ethernet adapters

Network Indicators:

  • Unusual network traffic patterns to/from USB Ethernet interfaces
  • Large packet anomalies on affected interfaces

SIEM Query:

source="kernel" AND (smsc75xx OR "USB Ethernet") AND (error OR panic OR oops)

📊 Metadata

CVE ID: CVE-2023-53125
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-401
EPSS Score: 0.02% exploit probability (5.7th percentile)
Published: May 2, 2025
Last Updated: November 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53125, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)