CVE-2023-54057 — Classic Buffer Overflow in Linux

CWE-120 — Classic Buffer Overflow7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 89.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter The 'acpiid' buffer in the parse_ivrs_acpihid function may overflow, because the string specifier in the format string sscanf() has no width limitation. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.7.0 — 5.4.237+4

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linuxca3bf5d47cec8b7614bcb2e9132c40081d6d81db — 5e97dc748d13fad582136ba0c8cec215c7aeeb17+6

▶debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

OSV

iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter↗2025-12-24

▶

GHSA

GHSA-25gw-vwhh-r379: In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter T↗2025-12-24

▶

OSV

CVE-2023-54057: In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter The↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter↗2025-12-24

▶

Debian

CVE-2023-54057: linux - In the Linux kernel, the following vulnerability has been resolved: iommu/amd: ...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54057 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶