CVE-2023-53646
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-07

Last updated on: 2026-02-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/i915/perf: add sentinel to xehp_oa_b_counters Arrays passed to reg_in_range_table should end with empty record. The patch solves KASAN detected bug with signature: BUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915] Read of size 4 at addr ffffffffa1555d90 by task perf/1518 CPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1 Hardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023 Call Trace: <TASK> ... xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915] (cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-07
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2025-10-07
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53646
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.5
linux linux_kernel From 6.2 (inc) to 6.4.7 (inc)
intel linux_kernel 6.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a bug in the Linux kernel's i915 graphics driver related to the handling of performance counters. Specifically, arrays passed to the function reg_in_range_table were missing a sentinel (an empty record) at the end, which caused a global out-of-bounds read detected by KASAN (Kernel Address Sanitizer). This could lead to the kernel reading invalid memory addresses during performance counter validation.

Impact Analysis

The vulnerability can cause the Linux kernel to perform out-of-bounds memory reads, which may lead to system instability, crashes, or potential information disclosure. Since it involves kernel memory access, it could be exploited to affect system reliability or security, especially on systems using the affected Intel graphics driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart