CVE-2023-53646
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-02-03
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | From 6.2 (inc) to 6.4.7 (inc) |
| intel | linux_kernel | 6.4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a bug in the Linux kernel's i915 graphics driver related to the handling of performance counters. Specifically, arrays passed to the function reg_in_range_table were missing a sentinel (an empty record) at the end, which caused a global out-of-bounds read detected by KASAN (Kernel Address Sanitizer). This could lead to the kernel reading invalid memory addresses during performance counter validation.
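An added illustration of the missing-sentinel pattern described above (not the i915 driver's code; the struct, table contents and function names are hypothetical). The walk stops at an empty record, but it also carries an explicit bound, so a table without the terminator is reported instead of being read past its end.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical register-range record; not the kernel's own type. */
struct reg_range { uint32_t start, end; };
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample tables. The first lacks the empty terminating record. */
static const struct reg_range no_sentinel[] = {
    { 0x1000, 0x10ff }, { 0x2000, 0x20ff },
};
static const struct reg_range with_sentinel[] = {
    { 0x1000, 0x10ff }, { 0x2000, 0x20ff },
    { 0, 0 },   /* sentinel: the empty record that ends the walk */
};

static bool is_sentinel(const struct reg_range *r)
{
    return r->start == 0 && r->end == 0;
}

/* True if an empty record appears within the first n entries. */
static bool table_is_terminated(const struct reg_range *t, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (is_sentinel(&t[i]))
            return true;
    return false;
}

/* Returns 1 on a match, 0 on a clean miss (sentinel reached), and -1 when
 * the array ends with no sentinel: the point where an unbounded
 * sentinel-only walk would start reading past the buffer. */
static int reg_in_range_bounded(uint32_t addr, const struct reg_range *t, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (is_sentinel(&t[i]))
            return 0;
        if (addr >= t[i].start && addr <= t[i].end)
            return 1;
    }
    return -1;
}

int main(void)
{
    printf("terminated: %d %d\n",
           table_is_terminated(no_sentinel, ARRAY_SIZE(no_sentinel)),
           table_is_terminated(with_sentinel, ARRAY_SIZE(with_sentinel)));
    printf("miss: %d %d\n",
           reg_in_range_bounded(0x3000, no_sentinel, ARRAY_SIZE(no_sentinel)),
           reg_in_range_bounded(0x3000, with_sentinel, ARRAY_SIZE(with_sentinel)));
    return 0;
}
```

Only a lookup that misses every range reaches the end of the table, which is why a missing terminator can go unnoticed until an address outside all listed ranges is validated.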
How can this vulnerability impact me?
The vulnerability can cause the Linux kernel to perform out-of-bounds memory reads, which may lead to system instability, crashes, or potential information disclosure. Since it involves kernel memory access, it could be exploited to affect system reliability or security, especially on systems using the affected Intel graphics driver.