CVE-2023-53238: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read
5 documents, 5 sources
Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 95.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 15

Description

In the Linux kernel, the following vulnerability has been resolved:

phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()

The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM. In the for loop, 'i' is used as the index for array 'priv->ports[]' with a check (i > INNO_PHY_PORT_NUM) which indicates that INNO_PHY_PORT_NUM is allowed value for 'i' in the same loop. This > comparison needs to be changed to >=, otherwise it potentially leads to an out of bounds write on the next ite
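
The off-by-one described above, as an added example that is not the kernel driver's code: a user-space model of the loop that counts out-of-range uses of priv->ports[] instead of performing them. The value of INNO_PHY_PORT_NUM, the loop shape (index checked after it is incremented) and the names probe_model and oob_accesses are assumptions made for illustration.

```c
#include <stdio.h>

#define INNO_PHY_PORT_NUM 2   /* assumed value, chosen for illustration */

struct port { int in_use; };

struct priv {
    struct port ports[INNO_PHY_PORT_NUM];
    int oob_accesses;          /* hypothetical counter, not in the driver */
};

/*
 * Model of the probe loop: one iteration per device-tree child node.
 * strict == 0 uses the original check (i > INNO_PHY_PORT_NUM),
 * strict != 0 uses the corrected check (i >= INNO_PHY_PORT_NUM).
 * Returns how many iterations would have indexed past the array.
 */
static int probe_model(struct priv *p, int nchildren, int strict)
{
    int i = 0;

    p->oob_accesses = 0;
    for (int child = 0; child < nchildren; child++) {
        if (i < INNO_PHY_PORT_NUM)
            p->ports[i].in_use = 1;   /* valid slot */
        else
            p->oob_accesses++;        /* the loop would touch ports[i] here */
        i++;

        /* Stop once the array is full. With '>' the loop continues when
         * i == INNO_PHY_PORT_NUM, so the next child uses ports[i]. */
        if (strict ? (i >= INNO_PHY_PORT_NUM) : (i > INNO_PHY_PORT_NUM))
            break;
    }
    return p->oob_accesses;
}

int main(void)
{
    struct priv p;

    printf("children  '>' check  '>=' check\n");
    for (int n = 1; n <= INNO_PHY_PORT_NUM + 2; n++)
        printf("%8d  %9d  %10d\n", n,
               probe_model(&p, n, 0), probe_model(&p, n, 1));
    return 0;
}
```

The out-of-range index appears only when the device tree supplies more child nodes than INNO_PHY_PORT_NUM; with the >= check the loop stops as soon as the array is full.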

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (4 packages)

NVD | linux/linux_kernel | 4.17 – 4.19.291 | +6
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | ba8b0ee81fbbc249e60f84bf097bd56e8047c742 – 2843a2e703f5cb85c9eeca11b7ee90861635a010 | +7
debian | debian/linux | < linux 6.1.52-1 (bookworm)

Patches

Vulnerability Details (2)

GHSA: GHSA-w5gr-gjhw-4xpq: In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() The size of (2025-09-15)
OSV: CVE-2023-53238: In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() The size of ar (2025-09-15)

Vendor Advisories (2)

Red Hat: kernel: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (2025-09-15)
Debian: CVE-2023-53238: linux - In the Linux kernel, the following vulnerability has been resolved: phy: hisili... (2023)