CVE-2023-53768

EPSS 0.02%
Veröffentlicht 08.12.2025 01:19:31
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

regmap-irq: Fix out-of-bounds access when allocating config buffers

In the Linux kernel, the following vulnerability has been resolved:

regmap-irq: Fix out-of-bounds access when allocating config buffers

When allocating the 2D array for handling IRQ type registers in
regmap_add_irq_chip_fwnode(), the intent is to allocate a matrix
with num_config_bases rows and num_config_regs columns.

This is currently handled by allocating a buffer to hold a pointer for
each row (i.e. num_config_bases). After that, the logic attempts to
allocate the memory required to hold the register configuration for
each row. However, instead of doing this allocation for each row
(i.e. num_config_bases allocations), the logic erroneously does this
allocation num_config_regs number of times.

This scenario can lead to out-of-bounds accesses when num_config_regs
is greater than num_config_bases. Fix this by updating the terminating
condition of the loop that allocates the memory for holding the register
configuration to allocate memory only for each row in the matrix.

Amit Pundir reported a crash that was occurring on his db845c device
due to memory corruption (see "Closes" tag for Amit's report). The KASAN
report below helped narrow it down to this issue:

[   14.033877][    T1] ==================================================================
[   14.042507][    T1] BUG: KASAN: invalid-access in regmap_add_irq_chip_fwnode+0x594/0x1364
[   14.050796][    T1] Write of size 8 at addr 06ffff8081021850 by task init/1

[   14.242004][    T1] The buggy address belongs to the object at ffffff8081021850
[   14.242004][    T1]  which belongs to the cache kmalloc-8 of size 8
[   14.255669][    T1] The buggy address is located 0 bytes inside of
[   14.255669][    T1]  8-byte region [ffffff8081021850, ffffff8081021858)

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version faa87ce9196dbb074d75bd4aecb8bacf18f19b4e

Version < b1a726ad33e585e3d9fa70712df31ae105e4532c

Status affected

Version faa87ce9196dbb074d75bd4aecb8bacf18f19b4e

Version < 6e7b2337ecd028bd888a1a0be4115b8a88faf838

Status affected

Version faa87ce9196dbb074d75bd4aecb8bacf18f19b4e

Version < 963b54df82b6d6206d7def273390bf3f7af558e1

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version 0

Version < 6.0

Status unaffected

Version <= 6.1.*

Version 6.1.40

Status unaffected

Version <= 6.4.*

Version 6.4.5

Status unaffected

Version <= *

Version 6.5

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/b1a726ad33e585e3d9fa70712df31ae105e4532c

https://git.kernel.org/stable/c/6e7b2337ecd028bd888a1a0be4115b8a88faf838

https://git.kernel.org/stable/c/963b54df82b6d6206d7def273390bf3f7af558e1

https://nvd.nist.gov/vuln/detail/CVE-2023-53768

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53768

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53768

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-53768