CVE-2023-54295Reliance on Undefined, Unspecified, or Implementation-Defined Behavior in Linux

CWE-758Reliance on Undefined, Unspecified, or Implementation-Defined Behavior7 documents6 sources
Severity
4.1MEDIUM
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type spi_nor_set_erase_type() was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was hit: UBSAN: shift-out-of-bounds in drivers/mtd/spi-nor/core.c:2237:24 shift exponent 4294967295 is too large for 32-bit type 'int' The setting of the size_{shift, mask} and of the opcode are unnecessary when the erase s

Affected Packages4 packages

Linuxlinux/linux_kernel4.20.05.10.173+3
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux5390a8df769ec9ba9c995191bb0867430f602ebbe6409208c13f7c56adc12dd795abf4141e3d5e64+5
debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-54295: In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type spi_nor_set_erase_2025-12-30
OSV
mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type2025-12-30
GHSA
GHSA-3x4v-mgvj-ccrv: In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type spi_nor_set_eras2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type2025-12-30
Debian
CVE-2023-54295: linux - In the Linux kernel, the following vulnerability has been resolved: mtd: spi-no...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54295 Impact, Exploitability, and Mitigation Steps | Wiz