{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: virt/coco/sev-guest: Double-buffer messages",
    "id" : "2419909",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419909"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-319",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nvirt/coco/sev-guest: Double-buffer messages\nThe encryption algorithms read and write directly to shared unencrypted\nmemory, which may leak information as well as permit the host to tamper\nwith the message integrity. Instead, copy whole messages in or out as\nneeded before doing any computation on them." ],
  "statement" : "This vulnerability is rated as Moderate by Red Hat. The vulnerability primarily impacts confidentiality and integrity, because plaintext or intermediate values can be observed via shared unencrypted memory and as such there can be host-controlled modifications of the message buffer that can influence what is encrypted or verified and decrypted. Impact on availability is limited to tampering causing request failures or EBADMSG errors. However, triggering this vulnerability most likely requires elevated privileges that correspond to hypervisor or host-level control (typically higher than what a guest local user will possess).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-09-12T00:00:00Z",
    "advisory" : "RHSA-2023:5069",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.30.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-09-12T00:00:00Z",
    "advisory" : "RHSA-2023:5069",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.30.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53769\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53769\nhttps://lore.kernel.org/linux-cve-announce/2025120846-CVE-2023-53769-1a8b@gregkh/T" ],
  "name" : "CVE-2023-53769",
  "csaw" : false
}