CVE-2023-53182

MEDIUM EPSS 4.3%
Published Sep 15, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 15, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Avoid undefined behavior: applying zero offset to null pointer ACPICA commit 770653e3ba67c30a629ca7d12e352d83c2541b1e Before this change we see the following UBSAN stack trace in Fuchsia: #0 0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682 <platform-bus-x86.so>+0x233302 #1.2 0x000020d0f660777f in ubsan_get_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:41 <libclang_rt.asan.so>+0x3d77f #1.1 0x000020d0f660777f in maybe_print_stack_trace() compiler-rt/lib/ubsan/ubsan_diag.cpp:51 <libclang_rt.asan.so>+0x3d77f #1 0x000020d0f660777f in ~scoped_report() compiler-rt/lib/ubsan/ubsan_diag.cpp:387 <libclang_rt.asan.so>+0x3d77f #2 0x000020d0f660b96d in handlepointer_overflow_impl() compiler-rt/lib/ubsan/ubsan_handlers.cpp:809 <libclang_rt.asan.so>+0x4196d #3 0x000020d0f660b50d in compiler-rt/lib/ubsan/ubsan_handlers.cpp:815 <libclang_rt.asan.so>+0x4150d #4 0x000021e4213b3302 in acpi_ds_init_aml_walk(struct acpi_walk_state*, union acpi_parse_object*, struct acpi_namespace_node*, u8*, u32, struct acpi_evaluate_info*, u8) ../../third_party/acpica/source/components/dispatcher/dswstate.c:682 <platform-bus-x86.so>+0x233302 #5 0x000021e4213e2369 in acpi_ds_call_control_method(struct acpi_thread_state*, struct acpi_walk_state*, union acpi_parse_object*) ../../third_party/acpica/source/components/dispatcher/dsmethod.c:605 <platform-bus-x86.so>+0x262369 #6 0x000021e421437fac in acpi_ps_parse_aml(struct acpi_walk_state*) ../../third_party/acpica/source/components/parser/psparse.c:550 <platform-bus-x86.so>+0x2b7fac #7 0x000021e4214464d2 in acpi_ps_execute_method(struct acpi_evaluate_info*) ../../third_party/acpica/source/components/parser/psxface.c:244 <platform-bus-x86.so>+0x2c64d2 #8 0x000021e4213aa052 in acpi_ns_evaluate(struct acpi_evaluate_info*) ../../third_party/acpica/source/components/namespace/nseval.c:250 <platform-bus-x86.so>+0x22a052 #9 0x000021e421413dd8 in acpi_ns_init_one_device(acpi_handle, u32, void*, void**) ../../third_party/acpica/source/components/namespace/nsinit.c:735 <platform-bus-x86.so>+0x293dd8 #10 0x000021e421429e98 in acpi_ns_walk_namespace(acpi_object_type, acpi_handle, u32, u32, acpi_walk_callback, acpi_walk_callback, void*, void**) ../../third_party/acpica/source/components/namespace/nswalk.c:298 <platform-bus-x86.so>+0x2a9e98 #11 0x000021e4214131ac in acpi_ns_initialize_devices(u32) ../../third_party/acpica/source/components/namespace/nsinit.c:268 <platform-bus-x86.so>+0x2931ac #12 0x000021e42147c40d in acpi_initialize_objects(u32) ../../third_party/acpica/source/components/utilities/utxfinit.c:304 <platform-bus-x86.so>+0x2fc40d #13 0x000021e42126d603 in acpi::acpi_impl::initialize_acpi(acpi::acpi_impl*) ../../src/devices/board/lib/acpi/acpi-impl.cc:224 <platform-bus-x86.so>+0xed603 Add a simple check that avoids incrementing a pointer by zero, but otherwise behaves as before. Note that our findings are against ACPICA 20221020, but the same code exists on master.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel* <4.14.316
linuxlinux_kernel*≥4.15  –  <4.19.284
linuxlinux_kernel*≥4.20  –  <5.4.244
linuxlinux_kernel*≥5.5  –  <5.10.181
linuxlinux_kernel*≥5.11  –  <5.15.113
linuxlinux_kernel*≥5.16  –  <6.1.30
linuxlinux_kernel*≥6.2  –  <6.3.4

References 8

  • git.kernel.org https://git.kernel.org/stable/c/05bb0167c80b8f93c6a4e0451b7da9b96db990c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/16359bc02c093b0862e31739c07673340a2106a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3048c6b84a51e4ba4a89385ed218d19a670edd47
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/35465c7a91c6b46e7c14d0c01d0084349a38ce51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3a7a4aa3958ce0c4938a443d65001debe9a9af9c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a2d0dcb47b16f84880a59571eab8a004e3236d7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/710e09fd116e2fa53e319a416ad4e4f8027682b6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c4a7163b7f1495e3cc58bec7a4100de6612cde9
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/05bb0167c80b8f93c6a4e0451b7da9b96db990c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/16359bc02c093b0862e31739c07673340a2106a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3048c6b84a51e4ba4a89385ed218d19a670edd47
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/35465c7a91c6b46e7c14d0c01d0084349a38ce51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3a7a4aa3958ce0c4938a443d65001debe9a9af9c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5a2d0dcb47b16f84880a59571eab8a004e3236d7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/710e09fd116e2fa53e319a416ad4e4f8027682b6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c4a7163b7f1495e3cc58bec7a4100de6612cde9
    Patch