CVE-2023-54198

In the Linux kernel, the following vulnerability has been resolved:

tty: fix out-of-bounds access in tty_driver_lookup_tty()

When specifying an invalid console= device like console=tty3270,
tty_driver_lookup_tty() returns the tty struct without checking
whether index is a valid number.

To reproduce:

qemu-system-x86_64 -enable-kvm -nographic -serial mon:stdio \
-kernel ../linux-build-x86/arch/x86/boot/bzImage \
-append "console=ttyS0 console=tty3270"

This crashes with:

[    0.770599] BUG: kernel NULL pointer dereference, address: 00000000000000ef
[    0.771265] #PF: supervisor read access in kernel mode
[    0.771773] #PF: error_code(0x0000) - not-present page
[    0.772609] Oops: 0000 [#1] PREEMPT SMP PTI
[    0.774878] RIP: 0010:tty_open+0x268/0x6f0
[    0.784013]  chrdev_open+0xbd/0x230
[    0.784444]  ? cdev_device_add+0x80/0x80
[    0.784920]  do_dentry_open+0x1e0/0x410
[    0.785389]  path_openat+0xca9/0x1050
[    0.785813]  do_filp_open+0xaa/0x150
[    0.786240]  file_open_name+0x133/0x1b0
[    0.786746]  filp_open+0x27/0x50
[    0.787244]  console_on_rootfs+0x14/0x4d
[    0.787800]  kernel_init_freeable+0x1e4/0x20d
[    0.788383]  ? rest_init+0xc0/0xc0
[    0.788881]  kernel_init+0x11/0x120
[    0.789356]  ret_from_fork+0x22/0x30
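
The missing check described in the commit message, shown as an added user-space model (not kernel code and not the upstream patch). The struct and function names are hypothetical, the two-slot driver is constructed sample data, and the model assumes the trailing digits of the console= device name are used as the index.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Simplified user-space model; these names are illustrative, not kernel code. */
struct model_tty { int index; };
struct model_driver {
    const char *name;         /* device name prefix, e.g. "tty" */
    unsigned long num;        /* number of valid slots in ttys[] */
    struct model_tty **ttys;  /* per-index table */
};

/* Behaviour described above: the index is used without validation. */
struct model_tty *lookup_unchecked(struct model_driver *d, unsigned long idx)
{
    return d->ttys[idx];      /* reads past the table when idx >= d->num */
}

/* Hardened form: reject the index before touching the table. */
int lookup_checked(struct model_driver *d, unsigned long idx, struct model_tty **out)
{
    *out = NULL;
    if (idx >= d->num)
        return -EINVAL;
    *out = d->ttys[idx];
    return 0;
}

/* Constructed sample driver with two slots: tty0 and tty1. */
static struct model_tty t0 = { 0 }, t1 = { 1 }, *slots[] = { &t0, &t1 };
static struct model_driver sample = { "tty", 2, slots };

/* Resolve a console= value (assumed rule: trailing digits are the index). */
int resolve_console(const char *arg, struct model_tty **out)
{
    size_t len = strcspn(arg, "0123456789");
    char *end;
    *out = NULL;
    if (len != strlen(sample.name) || strncmp(arg, sample.name, len) != 0)
        return -ENODEV;       /* name belongs to another driver */
    if (arg[len] == '\0')
        return -EINVAL;       /* no index given */
    unsigned long idx = strtoul(arg + len, &end, 10);
    if (*end != '\0')
        return -EINVAL;
    return lookup_checked(&sample, idx, out);
}

int main(void) { struct model_tty *t; return resolve_console("tty3270", &t) == -EINVAL ? 0 : 1; }
```

lookup_unchecked() is included only for comparison and is never called, because index 3270 against a two-entry table is an out-of-bounds read.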

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected

| Version | Range | Status |
|---|---|---|
| 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | < 3df6f492f500a16c231f07ccc6f6ed1302caddf9 | affected |
| 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | < b79109d6470aaae7062998353e3a19449055829d | affected |
| 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | < 953a4a352a0c185460ae1449e4c6e6658e55fdfc | affected |
| 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | < 84ea44dc3e4ecb2632586238014bf6722aa5843b | affected |
| 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | < f9d9d25ad1f0d060eaf297a2f7f03b5855a45561 | affected |
| 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | < 765566110eb0da3cf60198b0165ecceeaafa6444 | affected |
| 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | < fcfeaa570f7a5c2d5f4f14931909531ff18b7fde | affected |
| 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | < db4df8e9d79e7d37732c1a1b560958e8dadfefa1 | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Version | Range | Status |
|---|---|---|
| 2.6.28 | | affected |
| 0 | < 2.6.28 | unaffected |
| 4.14.308 | <= 4.14.* | unaffected |
| 4.19.276 | <= 4.19.* | unaffected |
| 5.4.235 | <= 5.4.* | unaffected |
| 5.10.173 | <= 5.10.* | unaffected |
| 5.15.100 | <= 5.15.* | unaffected |
| 6.1.18 | <= 6.1.* | unaffected |
| 6.2.5 | <= 6.2.* | unaffected |
| 6.3 | <= * | unaffected |

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.099 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|

No CWE information has been published yet.