CVE-2023-54198: Improper Validation of Specified Index, Position, or Offset in Input in Linux

Severity
3.3 LOW
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

tty: fix out-of-bounds access in tty_driver_lookup_tty()

When specifying an invalid console= device like console=tty3270, tty_driver_lookup_tty() returns the tty struct without checking whether index is a valid number.

To reproduce:

    qemu-system-x86_64 -enable-kvm -nographic -serial mon:stdio \
        -kernel ../linux-build-x86/arch/x86/boot/bzImage \
        -append "console=ttyS0 console=tty3270"

This crashes with:

    [ 0.770599] BUG: kern

Affected Packages: 4 packages

Linux | linux/linux_kernel | 2.6.28 | 4.14.308 | +6
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | 99f1fe189daf8e99a847e420567e49dd7ee2aae7 | 3df6f492f500a16c231f07ccc6f6ed1302caddf9 | +8
debian | debian/linux | < linux 6.1.20-1 (bookworm)

🔴 Vulnerability Details

3
OSV
tty: fix out-of-bounds access in tty_driver_lookup_tty() 2025-12-30
GHSA
GHSA-39rg-6496-pf73: In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in tty_driver_lookup_tty() When specifying an inva 2025-12-30
OSV
CVE-2023-54198: In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in tty_driver_lookup_tty() When specifying an invali 2025-12-30

📋 Vendor Advisories

2
Red Hat
kernel: tty: fix out-of-bounds access in tty_driver_lookup_tty() 2025-12-30
Debian
CVE-2023-54198: linux - In the Linux kernel, the following vulnerability has been resolved: tty: fix ou... 2023

🕵️ Threat Intelligence

1
Wiz
CVE-2023-54198 Impact, Exploitability, and Mitigation Steps | Wiz