CVE-2023-54150Improper Validation of Specified Index, Position, or Offset in Input in Linux

CWE-1285Improper Validation of Specified Index, Position, or Offset in Input7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an out of bounds error. commit 4fc1ba4aa589 ("drm/amd/display: fix array index out of bound error in bios parser") fixed some of this, but there are two other cases not covered by it. Fix those as well.

Affected Packages4 packages

Linuxlinux/linux_kernel4.15.05.10.181+3
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxae79c310b1a6f97429a5784b65f125d9cc9c95b1b8e7589f50b709b647b642531599e70707faf70c+5
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-g4x6-vrjg-m8w6: In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 i2025-12-24
OSV
CVE-2023-54150: In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in2025-12-24
OSV
drm/amd: Fix an out of bounds error in BIOS parser2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: drm/amd: Fix an out of bounds error in BIOS parser2025-12-24
Debian
CVE-2023-54150: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fi...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54150 Impact, Exploitability, and Mitigation Steps | Wiz