CVE-2023-53238
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-04
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.17 (inc) to 4.19.291 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.253 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.190 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.124 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.43 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.4.8 (exc) |
| linux | linux_kernel | 6.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write in the Linux kernel's HiSilicon PHY driver. In the function hisi_inno_phy_probe(), the array 'priv->ports[]' is indexed by a variable 'i' inside a loop. The array has INNO_PHY_PORT_NUM elements. The code checks the loop boundary with the condition 'i > INNO_PHY_PORT_NUM', which allows 'i' to reach the value INNO_PHY_PORT_NUM and causes an out-of-bounds write on the next iteration. The fix changes the condition to 'i >= INNO_PHY_PORT_NUM' to prevent this out-of-bounds access.
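
A user-space model of the boundary check described above, added here as an illustration and not taken from the kernel driver. The array size of 2, the `probe_model` function, the child count and the store-increment-check ordering are assumptions of the model; it counts the store that would land past the array instead of performing it.

```c
#include <stdbool.h>
#include <stdio.h>

#define INNO_PHY_PORT_NUM 2 /* assumed array size for this model */

struct port { int child_id; };
struct priv { struct port ports[INNO_PHY_PORT_NUM]; };

/*
 * Walks n_children hypothetical child nodes in the order this model assumes:
 * store into ports[i], increment i, then test the bound.
 * Returns how many stores would have landed past the end of ports[].
 */
static int probe_model(int n_children, bool fixed_check)
{
    struct priv priv = {0};
    int i = 0, oob_writes = 0;

    for (int child = 0; child < n_children; child++) {
        if (i < INNO_PHY_PORT_NUM)
            priv.ports[i].child_id = child; /* valid slot */
        else
            oob_writes++; /* the model counts the bad store instead of doing it */
        i++;

        /* Pre-fix check lets i == INNO_PHY_PORT_NUM survive into the next pass. */
        bool stop = fixed_check ? (i >= INNO_PHY_PORT_NUM)
                                : (i > INNO_PHY_PORT_NUM);
        if (stop)
            break;
    }
    (void)priv; /* ports[] is only written in this model */
    return oob_writes;
}

int main(void)
{
    for (int n = 1; n <= 4; n++)
        printf("children=%d  '>' check: %d OOB write(s)  '>=' check: %d\n",
               n, probe_model(n, false), probe_model(n, true));
    return 0;
}
```

In this model the problem only appears when the number of child nodes exceeds the array size, which is why a device tree with the expected number of ports never triggers it.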
How can this vulnerability impact me?
This vulnerability can lead to an out-of-bounds write in kernel memory, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges, compromising the security and reliability of the affected system.