CVE-2023-53487

HIGH EPSS 4.9%
Published Oct 1, 20259mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 1, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas_flash: allow user copy to flash block cache objects With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the /proc/powerpc/rtas/firmware_update interface to prepare a system firmware update yields a BUG(): kernel BUG at mm/usercopy.c:102! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries Modules linked in: CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2 Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860_146) hv:phyp pSeries NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000 REGS: c0000000148c76a0 TRAP: 0700 Not tainted (6.5.0-rc3+) MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 24002242 XER: 0000000c CFAR: c0000000001fbd34 IRQMASK: 0 [ ... GPRs omitted ... ] NIP usercopy_abort+0xa0/0xb0 LR usercopy_abort+0x9c/0xb0 Call Trace: usercopy_abort+0x9c/0xb0 (unreliable) __check_heap_object+0x1b4/0x1d0 __check_object_size+0x2d0/0x380 rtas_flash_write+0xe4/0x250 proc_reg_write+0xfc/0x160 vfs_write+0xfc/0x4e0 ksys_write+0x90/0x160 system_call_exception+0x178/0x320 system_call_common+0x160/0x2c4 The blocks of the firmware image are copied directly from user memory to objects allocated from flash_block_cache, so flash_block_cache must be created using kmem_cache_create_usercopy() to mark it safe for user access. [mpe: Trim and indent oops]

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥4.16  –  <4.19.293
linuxlinux_kernel*≥4.20  –  <5.4.255
linuxlinux_kernel*≥5.5  –  <5.10.192
linuxlinux_kernel*≥5.11  –  <5.15.128
linuxlinux_kernel*≥5.16  –  <6.1.47
linuxlinux_kernel*≥6.2  –  <6.4.12
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any
linuxlinux_kernel6.5any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0ba7f969be599e21d4b1f1e947593de6515f4996
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1d29e21ed09fa668416fa7721e08d451b9903485
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f3175979e62de3b929bfa54a0db4b87d36257a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6acb8a453388374fafb3c3b37534b675b2aa0ae1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ef25fb13494e35c6dbe15445c7875fa92bc3e8b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f09cc15dcd91d16562400c51d24c7be0d5796fa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b8fee83aa4ed3846c7f50a0b364bc699f48d96e5
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0ba7f969be599e21d4b1f1e947593de6515f4996
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1d29e21ed09fa668416fa7721e08d451b9903485
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f3175979e62de3b929bfa54a0db4b87d36257a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6acb8a453388374fafb3c3b37534b675b2aa0ae1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ef25fb13494e35c6dbe15445c7875fa92bc3e8b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8f09cc15dcd91d16562400c51d24c7be0d5796fa
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b8fee83aa4ed3846c7f50a0b364bc699f48d96e5
    Patch