CVE-2023-54135
Out-of-Bounds Write in Linux Kernel maple_tree Component
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential out-of-bounds access issue in the Linux kernel's maple_tree data structure, specifically in the mas_wr_end_piv() function. It occurs when the write offset end bounds are not properly checked before being used as an offset into the pivot array, which could lead to accessing memory beyond the intended limits of the pivot array. The fix involves verifying the write offset end bounds to prevent this out-of-bounds access.
How can this vulnerability impact me? :
If exploited, this vulnerability could cause the Linux kernel to access memory out of bounds, potentially leading to system instability, crashes, or security issues such as memory corruption. However, the description notes that current callers are not affected, but new users of maple_tree might encounter this problem if the fix is backported to earlier kernels.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to a Linux kernel version that includes the fix for the maple_tree out-of-bounds access in mas_wr_end_piv(). This fix is included in stable kernel releases to prevent potential out-of-bounds access issues.