CVE-2023-53989: Improper Validation of Specified Index, Position, or Offset in Input in Linux

Severity
5.5 MEDIUM
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: mm: fix VA-range sanity check

Both create_mapping_noalloc() and update_mapping_prot() sanity-check their 'virt' parameter, but the check itself doesn't make much sense. The condition used today appears to be a historical accident.

The sanity-check condition: if ((virt >= PAGE_END) && (virt = VA_START) && (virt = PAGE_END) && (virt < VMALLOC_START)) { [ ... warning here ... ] return; } Correct the condition to check a

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.4.0 | 5.4.251 | +3
Debian | linux/linux_kernel | < 5.10.191-1 | +2
CVEListV5 | linux/linux | 14c127c957c1c6070647c171e72f06e0db275ebf | 9d8d3df71516ec3236d8d93ff029d251377ba4b1 | +5
debian | debian/linux | < linux 5.10.191-1 (bullseye)

🔴 Vulnerability Details

3
OSV
CVE-2023-53989: In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check Both create_mapping_noalloc() and update_mapp (2025-12-24)
OSV
arm64: mm: fix VA-range sanity check (2025-12-24)
GHSA
GHSA-49xq-j8p7-h965: In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check Both create_mapping_noalloc() and update_ma (2025-12-24)

📋 Vendor Advisories

2
Red Hat
kernel: arm64: mm: fix VA-range sanity check (2025-12-24)
Debian
CVE-2023-53989: linux - In the Linux kernel, the following vulnerability has been resolved: arm64: mm: ... (2023)

🕵️ Threat Intelligence

1
Wiz
CVE-2023-53989 Impact, Exploitability, and Mitigation Steps | Wiz