-
CVE-2023-53487
- EPSS 0.03%
- Published 01.10.2025 12:15:51
- Last modified 02.10.2025 19:12:17
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas_flash: allow user copy to flash block cache objects
With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the
/proc/powerpc/rtas/firmware_update interface to prepare a system
firmware update yields a BUG():
kernel BUG at mm/usercopy.c:102!
Oops: Exception in kernel mode, sig: 5 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in:
CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2
Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860_146) hv:phyp pSeries
NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000
REGS: c0000000148c76a0 TRAP: 0700 Not tainted (6.5.0-rc3+)
MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 24002242 XER: 0000000c
CFAR: c0000000001fbd34 IRQMASK: 0
[ ... GPRs omitted ... ]
NIP usercopy_abort+0xa0/0xb0
LR usercopy_abort+0x9c/0xb0
Call Trace:
usercopy_abort+0x9c/0xb0 (unreliable)
__check_heap_object+0x1b4/0x1d0
__check_object_size+0x2d0/0x380
rtas_flash_write+0xe4/0x250
proc_reg_write+0xfc/0x160
vfs_write+0xfc/0x4e0
ksys_write+0x90/0x160
system_call_exception+0x178/0x320
system_call_common+0x160/0x2c4
The blocks of the firmware image are copied directly from user memory
to objects allocated from flash_block_cache, so flash_block_cache must
be created using kmem_cache_create_usercopy() to mark it safe for user
access.
[mpe: Trim and indent oops]Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
8f09cc15dcd91d16562400c51d24c7be0d5796fa
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
1d29e21ed09fa668416fa7721e08d451b9903485
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
0ba7f969be599e21d4b1f1e947593de6515f4996
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
8ef25fb13494e35c6dbe15445c7875fa92bc3e8b
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
b8fee83aa4ed3846c7f50a0b364bc699f48d96e5
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
6acb8a453388374fafb3c3b37534b675b2aa0ae1
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
Version <
4f3175979e62de3b929bfa54a0db4b87d36257a7
Version
6d07d1cd300f4c7e16005f881fea388164999cc8
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
4.16
Status
affected
Version <
4.16
Version
0
Status
unaffected
Version <=
4.19.*
Version
4.19.293
Status
unaffected
Version <=
5.4.*
Version
5.4.255
Status
unaffected
Version <=
5.10.*
Version
5.10.192
Status
unaffected
Version <=
5.15.*
Version
5.15.128
Status
unaffected
Version <=
6.1.*
Version
6.1.47
Status
unaffected
Version <=
6.4.*
Version
6.4.12
Status
unaffected
Version <=
*
Version
6.5
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.081 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|