CVE-2023-53296

5.5 MEDIUM

📋 TL;DR

This Linux kernel vulnerability in the SCTP protocol implementation allows a race condition where a thread can send data to a non-existent stream after stream count changes, potentially causing a kernel crash. It affects systems using SCTP networking with multi-threaded applications. The vulnerability requires local access or network access to SCTP services.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE; check kernel commit history for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the SCTP protocol is enabled and in use; many distributions disable SCTP by default or compile it as a module.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially disrupting critical network services.
🟠 Likely Case: System crash or kernel panic affecting SCTP-dependent services, causing temporary service disruption until system reboot.
🟢 If Mitigated: Minimal impact if SCTP is disabled or unused, or if systems are patched before exploitation.

🌐 Internet-Facing: MEDIUM - SCTP is less common than TCP/UDP but used in telecom and specialized applications; exploitation requires network access to SCTP services.
🏢 Internal Only: MEDIUM - Internal systems using SCTP for inter-service communication could be affected by malicious internal actors or buggy applications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires race condition timing and SCTP stream manipulation; likely requires local access or network access to SCTP endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 0443fff49d63, 2584024b2355, 667eb99cf7c1, 9346a1a21142, a615e7270318

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution vendor.
2. Reboot system to load new kernel.
3. Verify SCTP module loads correctly if used.

🔧 Temporary Workarounds

Disable SCTP protocol

Linux

Prevent exploitation by disabling SCTP kernel module if not required

echo 'install sctp /bin/true' >> /etc/modprobe.d/disable-sctp.conf
rmmod sctp 2>/dev/null || true

🧯 If You Can't Patch

  • Disable SCTP at kernel module level using modprobe blacklist
  • Implement network filtering to block SCTP traffic (protocol 132) at firewalls

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if SCTP is enabled: 'uname -r' and 'lsmod | grep sctp'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or is newer than patched versions; check with 'uname -r' and distribution patch notes
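
An added example, not part of the original advisory: a POSIX shell check that combines the 'lsmod | grep sctp' test above with a check for the 'install sctp' override from the workaround. The function names and the three status words (loaded, loadable, blocked) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report SCTP module exposure on a host.
# File paths are parameters so the checks can also run against copies.

# sctp_loaded [MODULES_FILE] -> exit 0 if the sctp module is currently loaded.
# /proc/modules is the file that lsmod reads.
sctp_loaded() {
    grep -q '^sctp ' "${1:-/proc/modules}" 2>/dev/null
}

# sctp_blocked [CONF_DIR] -> exit 0 if an uncommented
# 'install sctp /bin/true' (or /bin/false) override exists in CONF_DIR.
sctp_blocked() {
    dir="${1:-/etc/modprobe.d}"
    [ -d "$dir" ] || return 1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Strip comments first so a commented-out override does not count.
        if sed 's/#.*//' "$f" |
           grep -Eq '^[[:space:]]*install[[:space:]]+sctp[[:space:]]+/(usr/)?bin/(true|false)[[:space:]]*$'; then
            return 0
        fi
    done
    return 1
}

# sctp_exposure [MODULES_FILE] [CONF_DIR] -> prints one status word:
#   loaded    module is in the running kernel; an override alone does not unload it
#   blocked   not loaded, and the install override prevents loading on demand
#   loadable  not loaded, but nothing stops it from being loaded
sctp_exposure() {
    if sctp_loaded "$1"; then
        echo loaded
    elif sctp_blocked "$2"; then
        echo blocked
    else
        echo loadable
    fi
}

# Report for the local host, next to the kernel version to compare
# against the distribution's patch notes.
echo "kernel: $(uname -r)  sctp: $(sctp_exposure)"
```

A kernel with SCTP compiled in rather than built as a module does not list it in /proc/modules, so this check covers only the module case described in the Notes.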

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN null-ptr-deref errors in kernel logs
  • SCTP connection failures

Network Indicators:

  • Unusual SCTP stream manipulation patterns
  • Multiple SCTP INIT/INIT-ACK exchanges

SIEM Query:

source="kernel" AND ("KASAN: null-ptr-deref" OR ("sctp" AND "panic"))
