What is CVE-2023-41325?

CVE-2023-41325 is a Medium severity Linux kernel vulnerability with a CVSS score of 6.7 out of 10. CVE-2023-41325 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-41325?

CVE-2023-41325 has a CVSS score of 6.7 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2023-41325?

No patch is currently available for CVE-2023-41325. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2023-41325 actively exploited?

CVE-2023-41325 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-41325

Medium

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee’s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable ‘e’ is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.

Package Linux Kernel

Published 2023-09-15

Last modified 2026-06-05

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

6.7

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-415

CVE-2023-41325 is classified as CWE-415

See CWE-415 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2023-41325 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

GitHub
https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm

Exploit Vendor Advisory
Kernel patch commit
https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a
Patch

Details

CVE ID CVE-2023-41325

Severity Medium

CVSS score 6.7 / 10

CVSS version 3.1

Published 2023-09-15

Modified 2026-06-05

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2023-41325?

CVE-2023-41325 is a Medium severity Linux kernel vulnerability with a CVSS score of 6.7 out of 10 . CVE-2023-41325 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2023-41325?

CVE-2023-41325 has a CVSS score of 6.7 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2023-41325?

No patch is currently available for CVE-2023-41325. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2023-41325 actively exploited?

No — CVE-2023-41325 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.