| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091859-CVE-2023-53395-939e@gregkh> Date: Thu, 18 Sep 2025 15:34:40 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53395: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of no argument, AML_NO_OPERAND_RESOLVE flag is added to ASL Timer instruction opcode. When ASL timer instruction interpreted by ACPI interpreter, getting error. After adding AML_NO_OPERAND_RESOLVE flag to ASL Timer instruction opcode, issue is not observed. ============================================================= UBSAN: array-index-out-of-bounds in acpica/dswexec.c:401:12 index -1 is out of range for type 'union acpi_operand_object *[9]' CPU: 37 PID: 1678 Comm: cat Not tainted 6.0.0-dev-th500-6.0.y-1+bcf8c46459e407-generic-64k HW name: NVIDIA BIOS v1.1.1-d7acbfc-dirty 12/19/2022 Call trace: dump_backtrace+0xe0/0x130 show_stack+0x20/0x60 dump_stack_lvl+0x68/0x84 dump_stack+0x18/0x34 ubsan_epilogue+0x10/0x50 __ubsan_handle_out_of_bounds+0x80/0x90 acpi_ds_exec_end_op+0x1bc/0x6d8 acpi_ps_parse_loop+0x57c/0x618 acpi_ps_parse_aml+0x1e0/0x4b4 acpi_ps_execute_method+0x24c/0x2b8 acpi_ns_evaluate+0x3a8/0x4bc acpi_evaluate_object+0x15c/0x37c acpi_evaluate_integer+0x54/0x15c show_power+0x8c/0x12c [acpi_power_meter] The Linux kernel CVE team has assigned CVE-2023-53395 to this issue. Affected and fixed versions =========================== Fixed in 4.14.326 with commit 2f2a5905303ae230b5159fcd8cdcd5b3e7ad5e2d Fixed in 4.19.295 with commit 23c67fa615c52712bfa02a6dfadbd4656c87c066 Fixed in 5.4.257 with commit 3bf4463e40a17a23f2f261dfd7fe23129bdd04a4 Fixed in 5.10.197 with commit 625c12dc04a607b79f180ef3ee5a12bf2e3324c0 Fixed in 5.15.133 with commit 430787056dd3c591eb553d5c3b2717efcf307d4e Fixed in 6.1.55 with commit e1f686930ee4b059c7baa3c3904b2401829f2589 Fixed in 6.5.5 with commit b102113469487b460e9e77fe9e00d49c50fe8c86 Fixed in 6.6 with commit 3a21ffdbc825e0919db9da0e27ee5ff2cc8a863e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53395 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/acpi/acpica/psopcode.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2f2a5905303ae230b5159fcd8cdcd5b3e7ad5e2d https://git.kernel.org/stable/c/23c67fa615c52712bfa02a6dfadbd4656c87c066 https://git.kernel.org/stable/c/3bf4463e40a17a23f2f261dfd7fe23129bdd04a4 https://git.kernel.org/stable/c/625c12dc04a607b79f180ef3ee5a12bf2e3324c0 https://git.kernel.org/stable/c/430787056dd3c591eb553d5c3b2717efcf307d4e https://git.kernel.org/stable/c/e1f686930ee4b059c7baa3c3904b2401829f2589 https://git.kernel.org/stable/c/b102113469487b460e9e77fe9e00d49c50fe8c86 https://git.kernel.org/stable/c/3a21ffdbc825e0919db9da0e27ee5ff2cc8a863e
Powered by blists - more mailing lists