CVE-2023-53395Improper Validation of Array Index in Linux

CWE-129Improper Validation of Array IndexCWE-20Improper Input Validation5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedSep 18

Description

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of no argument, AML_NO_OPERAND_RESOLVE flag is added to ASL Timer instruction opcode. When ASL timer instruction interpreted by ACPI interpreter, getting error. After adding AML_NO_OPERAND_RESOLVE f

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel4.154.19.295+6
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac22f2a5905303ae230b5159fcd8cdcd5b3e7ad5e2d+8
debiandebian/linux< linux 6.1.55-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-6vh6-mcx4-3wx2: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f2025-09-18
OSV
CVE-2023-53395: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a2025-09-18

📋Vendor Advisories

2
Red Hat
kernel: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer2025-09-18
Debian
CVE-2023-53395: linux - In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add...2023
CVE-2023-53395 — Improper Validation of Array Index | cvebase