CVE-2023-53667: In the Linux kernel, the following vulnerability has been resolved: net: cdc_ncm: Deal with too low values of dwNtbOutM
Summary
A bug in the Linux kernel's CDC NCM network driver (cdc_ncm_check_tx_max function) caused a crash when dwNtbOutMaxSize (a device setting that specifies maximum transmission buffer size) was set to very low values. The problem occurred because memory allocated for network data packets (SKBs, which are data structures for handling network traffic) didn't have enough space for both the SKB header structures and the actual network data, causing the kernel to panic when trying to write data beyond the allocated bounds.
Solution / Mitigation
The fix clamps dwNtbOutMaxSize to a valid range between USB_CDC_NCM_NTB_MIN_OUT_SIZE and CDC_NCM_NTB_MAX_SIZE_TX, ensuring that enough memory space is allocated to handle both the CDC network data and the SKB header structures without overflow.
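The effect of the clamp can be seen in a small user-space model, added here as an example and not taken from the kernel source or from this page. The numeric values of the two constants, the NCM 16-bit framing sizes, and the "upper bound only" pre-fix behaviour are assumptions; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values mirroring the kernel headers; the page names these
 * constants but does not state their values. */
#define USB_CDC_NCM_NTB_MIN_OUT_SIZE 2048u
#define CDC_NCM_NTB_MAX_SIZE_TX      65536u

/* NCM 16-bit framing sizes (assumed from the NCM layout, not from the page). */
#define NTH16_SIZE 12u  /* transfer header */
#define NDP16_SIZE  8u  /* datagram pointer table header */
#define DPE16_SIZE  4u  /* one datagram pointer entry */

/* Behaviour the page describes as buggy: a too-low device value is accepted. */
static uint32_t tx_max_upper_bound_only(uint32_t dev_out_max)
{
    return dev_out_max > CDC_NCM_NTB_MAX_SIZE_TX ? CDC_NCM_NTB_MAX_SIZE_TX
                                                 : dev_out_max;
}

/* Behaviour the page describes as the fix: clamp into [MIN_OUT, MAX_TX]. */
static uint32_t tx_max_clamped(uint32_t dev_out_max)
{
    if (dev_out_max < USB_CDC_NCM_NTB_MIN_OUT_SIZE)
        return USB_CDC_NCM_NTB_MIN_OUT_SIZE;
    return tx_max_upper_bound_only(dev_out_max);
}

/* 1 if a buffer of tx_max bytes holds the framing for one datagram
 * (NTH16 + NDP16 + entry + terminating entry) plus the datagram itself. */
static int ntb_fits(uint32_t tx_max, uint32_t datagram_len)
{
    uint64_t need = NTH16_SIZE + NDP16_SIZE + 2u * DPE16_SIZE + (uint64_t)datagram_len;
    return need <= tx_max;
}

int main(void)
{
    /* Constructed device-reported dwNtbOutMaxSize values. */
    const uint32_t samples[] = { 16, 100, 2048, 16384, 1u << 20 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t before = tx_max_upper_bound_only(samples[i]);
        uint32_t after  = tx_max_clamped(samples[i]);
        printf("dev=%-8u before=%-6u fits=%d | after=%-6u fits=%d\n",
               samples[i], before, ntb_fits(before, 1514),
               after, ntb_fits(after, 1514));
    }
    return 0;
}
```

For the two constructed values below the minimum, the unclamped size cannot hold the framing plus one 1514-byte frame, while the clamped size can.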
Vulnerability Details
5.5 (medium)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-53667
First tracked: February 15, 2026 at 08:36 PM
Classified by LLM (prompt v3) · confidence: 95%