-
CVE-2023-53487
- EPSS 0.03%
- Veröffentlicht 01.10.2025 12:15:51
- Zuletzt bearbeitet 02.10.2025 19:12:17
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas_flash: allow user copy to flash block cache objects
With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the
/proc/powerpc/rtas/firmware_update interface to prepare a system
firmware update yields a BUG():
kernel BUG at mm/usercopy.c:102!
Oops: Exception in kernel mode, sig: 5 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in:
CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2
Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860_146) hv:phyp pSeries
NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000
REGS: c0000000148c76a0 TRAP: 0700 Not tainted (6.5.0-rc3+)
MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 24002242 XER: 0000000c
CFAR: c0000000001fbd34 IRQMASK: 0
[ ... GPRs omitted ... ]
NIP usercopy_abort+0xa0/0xb0
LR usercopy_abort+0x9c/0xb0
Call Trace:
usercopy_abort+0x9c/0xb0 (unreliable)
__check_heap_object+0x1b4/0x1d0
__check_object_size+0x2d0/0x380
rtas_flash_write+0xe4/0x250
proc_reg_write+0xfc/0x160
vfs_write+0xfc/0x4e0
ksys_write+0x90/0x160
system_call_exception+0x178/0x320
system_call_common+0x160/0x2c4
The blocks of the firmware image are copied directly from user memory
to objects allocated from flash_block_cache, so flash_block_cache must
be created using kmem_cache_create_usercopy() to mark it safe for user
access.
[mpe: Trim and indent oops]Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
8f09cc15dcd91d16562400c51d24c7be0d5796fa
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
1d29e21ed09fa668416fa7721e08d451b9903485
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
0ba7f969be599e21d4b1f1e947593de6515f4996
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
8ef25fb13494e35c6dbe15445c7875fa92bc3e8b
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
b8fee83aa4ed3846c7f50a0b364bc699f48d96e5
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
6acb8a453388374fafb3c3b37534b675b2aa0ae1
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
4f3175979e62de3b929bfa54a0db4b87d36257a7
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
4.16
Status
affected
Version <
4.16
Version
0
Status
unaffected
Version <=
4.19.*
Version
4.19.293
Status
unaffected
Version <=
5.4.*
Version
5.4.255
Status
unaffected
Version <=
5.10.*
Version
5.10.192
Status
unaffected
Version <=
5.15.*
Version
5.15.128
Status
unaffected
Version <=
6.1.*
Version
6.1.47
Status
unaffected
Version <=
6.4.*
Version
6.4.12
Status
unaffected
Version <=
*
Version
6.5
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.081 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|