CVE-2023-53703

EPSS 0.02%
Veröffentlicht 22.10.2025 13:23:41
Zuletzt bearbeitet 22.10.2025 21:12:48
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

HID: amd_sfh: Fix for shift-out-of-bounds

Shift operation of 'exp' and 'shift' variables exceeds the maximum number
of shift values in the u32 range leading to UBSAN shift-out-of-bounds.

...
[    6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50
[    6.120598] shift exponent 104 is too large for 64-bit type 'long unsigned int'
[    6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10
[    6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023
[    6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]
[    6.120687] Call Trace:
[    6.120690]  <TASK>
[    6.120694]  dump_stack_lvl+0x48/0x70
[    6.120704]  dump_stack+0x10/0x20
[    6.120707]  ubsan_epilogue+0x9/0x40
[    6.120716]  __ubsan_handle_shift_out_of_bounds+0x10f/0x170
[    6.120720]  ? psi_group_change+0x25f/0x4b0
[    6.120729]  float_to_int.cold+0x18/0xba [amd_sfh]
[    6.120739]  get_input_rep+0x57/0x340 [amd_sfh]
[    6.120748]  ? __schedule+0xba7/0x1b60
[    6.120756]  ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]
[    6.120764]  amd_sfh_work_buffer+0x91/0x180 [amd_sfh]
[    6.120772]  process_one_work+0x229/0x430
[    6.120780]  worker_thread+0x4a/0x3c0
[    6.120784]  ? __pfx_worker_thread+0x10/0x10
[    6.120788]  kthread+0xf7/0x130
[    6.120792]  ? __pfx_kthread+0x10/0x10
[    6.120795]  ret_from_fork+0x29/0x50
[    6.120804]  </TASK>
...

Fix this by adding the condition to validate shift ranges.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 5a45ed1ae34bb0e68944471f4bafb68e0a572791

Version 93ce5e0231d79189be4d9e5f9295807b18941419

Status affected

Version < 1e50bc2c177d4b2953d77037ac46ea0702d6aa1f

Version 93ce5e0231d79189be4d9e5f9295807b18941419

Status affected

Version < 87854366176403438d01f368b09de3ec2234e0f5

Version 93ce5e0231d79189be4d9e5f9295807b18941419

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version < 6.0

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.40

Status unaffected

Version <= 6.4.*

Version 6.4.5

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/5a45ed1ae34bb0e68944471f4bafb68e0a572791

https://git.kernel.org/stable/c/1e50bc2c177d4b2953d77037ac46ea0702d6aa1f

https://git.kernel.org/stable/c/87854366176403438d01f368b09de3ec2234e0f5

https://nvd.nist.gov/vuln/detail/CVE-2023-53703

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53703

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53703

EUVD