CVE-2023-54139 — Linux vulnerability

7 documents6 sources

Severity

5.3MEDIUM

No vector

EPSS

0.0%

top 92.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write() calls as the first 4 bytes. Ensure that it cannot be negative by returning -EINVAL to prevent out of bounds accesses. Update ftrace self-test to ensure this occurs properly.

Affected Packages4 packages

▶Linuxlinux/linux_kernel5.18.0 — 6.1.28+2

▶Debianlinux/linux_kernel< 6.1.37-1+2

▶CVEListV5linux/linux7f5a08c79df35e68f1a43033450c5050f12bc155 — 0489c2b2c3104b89f078dbcec8c744dfc157d3e9+4

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

OSV

tracing/user_events: Ensure write index cannot be negative↗2025-12-24

▶

OSV

CVE-2023-54139: In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indicat↗2025-12-24

▶

GHSA

GHSA-8m37-c7gh-2jmr: In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indic↗2025-12-24

▶

📋Vendor Advisories

Red Hat

kernel: tracing/user_events: Ensure write index cannot be negative↗2025-12-24

▶

Debian

CVE-2023-54139: linux - In the Linux kernel, the following vulnerability has been resolved: tracing/use...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-54139 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶