[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2023-53659":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":39},"DEBIAN-CVE-2023-53659","In the Linux kernel, the following vulnerability has been resolved:  iavf: Fix out-of-bounds when setting channels on remove  If the number of channels is increased during iavf_remove() and the wait for reset completion times out, the operation returns an error but has still changed num_active_queues directly. This leads to an out-of-bounds (OOB) access like the one in the following logs, because num_active_queues is then greater than the number of tx/rx_rings[] actually allocated.  Reproducer:    [root@host ~]# cat repro.sh   #!/bin/bash    pf_dbsf=\"0000:41:00.0\"   vf0_dbsf=\"0000:41:02.0\"   g_pids=()    function do_set_numvf()   {       echo 2 >/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs       sleep $((RANDOM%3+1))       echo 0 >/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs       sleep $((RANDOM%3+1))   }    function do_set_channel()   {       local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)       [ -z \"$nic\" ] && { sleep $((RANDOM%3)) ; return 1; }       ifconfig $nic 192.168.18.5 netmask 255.255.255.0       ifconfig $nic up       ethtool -L $nic combined 1       ethtool -L $nic combined 4       sleep $((RANDOM%3))   }    function on_exit()   {       local pid       for pid in \"${g_pids[@]}\"; do           kill -0 \"$pid\" &>/dev/null && kill \"$pid\" &>/dev/null       done       g_pids=()   }    trap \"on_exit; exit\" EXIT    while :; do do_set_numvf ; done &   g_pids+=($!)   while :; do do_set_channel ; done &   g_pids+=($!)    
wait  Result:  [ 3506.152887] iavf 0000:41:02.0: Removing device [ 3510.400799] ================================================================== [ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf] [ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536 [ 3510.400823] [ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G           O     --------- -t - 4.18.0 #1 [ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021 [ 3510.400835] Call Trace: [ 3510.400851]  dump_stack+0x71/0xab [ 3510.400860]  print_address_description+0x6b/0x290 [ 3510.400865]  ? iavf_free_all_tx_resources+0x156/0x160 [iavf] [ 3510.400868]  kasan_report+0x14a/0x2b0 [ 3510.400873]  iavf_free_all_tx_resources+0x156/0x160 [iavf] [ 3510.400880]  iavf_remove+0x2b6/0xc70 [iavf] [ 3510.400884]  ? iavf_free_all_rx_resources+0x160/0x160 [iavf] [ 3510.400891]  ? wait_woken+0x1d0/0x1d0 [ 3510.400895]  ? notifier_call_chain+0xc1/0x130 [ 3510.400903]  pci_device_remove+0xa8/0x1f0 [ 3510.400910]  device_release_driver_internal+0x1c6/0x460 [ 3510.400916]  pci_stop_bus_device+0x101/0x150 [ 3510.400919]  pci_stop_and_remove_bus_device+0xe/0x20 [ 3510.400924]  pci_iov_remove_virtfn+0x187/0x420 [ 3510.400927]  ? pci_iov_add_virtfn+0xe10/0xe10 [ 3510.400929]  ? pci_get_subsys+0x90/0x90 [ 3510.400932]  sriov_disable+0xed/0x3e0 [ 3510.400936]  ? bus_find_device+0x12d/0x1a0 [ 3510.400953]  i40e_free_vfs+0x754/0x1210 [i40e] [ 3510.400966]  ? i40e_reset_all_vfs+0x880/0x880 [i40e] [ 3510.400968]  ? pci_get_device+0x7c/0x90 [ 3510.400970]  ? pci_get_subsys+0x90/0x90 [ 3510.400982]  ? pci_vfs_assigned.part.7+0x144/0x210 [ 3510.400987]  ? __mutex_lock_slowpath+0x10/0x10 [ 3510.400996]  i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e] [ 3510.401001]  sriov_numvfs_store+0x214/0x290 [ 3510.401005]  ? sriov_totalvfs_show+0x30/0x30 [ 3510.401007]  ? __mutex_lock_slowpath+0x10/0x10 [ 3510.401011]  ? 
__check_object_size+0x15a/0x350 [ 3510.401018]  kernfs_fop_write+0x280/0x3f0 [ 3510.401022]  vfs_write+0x145/0x440 [ 3510.401025]  ksys_write+0xab/0x160 [ 3510.401028]  ? __ia32_sys_read+0xb0/0xb0 [ 3510.401031]  ? fput_many+0x1a/0x120 [ 3510.401032]  ? filp_close+0xf0/0x130 [ 3510.401038]  do_syscall_64+0xa0/0x370 [ 3510.401041]  ? page_fault+0x8/0x30 [ 3510.401043]  entry_SYSCALL_64_after_hwframe+0x65/0xca [ 3510.401073] RIP: 0033:0x7f3a9bb842c0 [ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003C48> 3d  ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2023-53659",[],[],[],"2025-10-07T16:15:49.573Z","2026-04-28T20:27:07.000719Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2023-53659",[27],"osv_debian",[29],"Advisory",[],[],[33],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":34,"cvss_v4_0":9},{"baseScore":35,"baseSeverity":9,"vectorString":36,"impactScore":37,"exploitabilityScore":38},7.1,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",8.7,4.6,[40],{"ecosystem":41,"name":42,"vendor":43,"product":42,"cpe_part":9,"purl_type":44,"purl_namespace":43,"purl_name":42,"source":9,"versions":45},"Debian","linux","debian","deb",[46,52,55,58],{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":50,"version_end_type":51,"fixed_in":9},"lt5_10_191_1",true,"ecosystem","5.10.191-1","excluding",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},"lt6_1_52_1","6.1.52-1",{"version":56,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":57,"version_end_type":51,"fixed_in"
:9},"lt6_4_11_1","6.4.11-1",{"version":56,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":57,"version_end_type":51,"fixed_in":9}]