CVE-2023-53238
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/09/2025
Last modified:
15/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()

The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM.

In the for loop, 'i' is used as the index for array 'priv->ports[]'
with a check (i > INNO_PHY_PORT_NUM) which indicates that
INNO_PHY_PORT_NUM is an allowed value for 'i' in the same loop.

This > comparison needs to be changed to >=, otherwise it potentially leads
to an out of bounds write on the next iteration through the loop.
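
The off-by-one described above, as an added example that is not the kernel driver's code: a simplified C model of a loop that writes to index `i`, increments it, and then applies either the original `>` check or the corrected `>=` check. The value of `INNO_PHY_PORT_NUM`, the helper names and the write/increment/check ordering are assumptions made for illustration; the extra trailing slot stands in for memory just past `ports[]` so the stray write can be observed safely.

```c
#include <stdio.h>

#define INNO_PHY_PORT_NUM 2  /* assumed value for this model */

/*
 * Hypothetical model of the probe loop. slots[] has INNO_PHY_PORT_NUM real
 * entries plus one trailing guard entry that represents whatever follows
 * ports[] in memory. Returns the highest index that was written.
 */
int highest_index_written(int child_nodes, int fixed)
{
    int slots[INNO_PHY_PORT_NUM + 1] = {0};
    int i = 0, highest = -1;

    for (int child = 0; child < child_nodes; child++) {
        slots[i] = 1;  /* stands in for the write to priv->ports[i] */
        i++;
        /* original check: i > N (lets i == N through); fix: i >= N */
        if (fixed ? (i >= INNO_PHY_PORT_NUM) : (i > INNO_PHY_PORT_NUM))
            break;
    }
    for (int k = 0; k <= INNO_PHY_PORT_NUM; k++)
        if (slots[k])
            highest = k;
    return highest;
}

/* Valid indices for ports[] are 0 .. INNO_PHY_PORT_NUM - 1. */
int is_out_of_bounds(int index)
{
    return index >= INNO_PHY_PORT_NUM;
}

int main(void)
{
    /* Constructed input: 1 to 4 child nodes under the PHY node. */
    for (int n = 1; n <= 4; n++) {
        int before = highest_index_written(n, 0);
        int after = highest_index_written(n, 1);
        printf("children=%d  '>' writes up to [%d]%s  '>=' writes up to [%d]%s\n",
               n, before, is_out_of_bounds(before) ? " (OOB)" : "",
               after, is_out_of_bounds(after) ? " (OOB)" : "");
    }
    return 0;
}
```

In this model the stray write only occurs when there are more child nodes than `INNO_PHY_PORT_NUM`, which is why the description says "potentially".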
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/01cb355bb92e8fcf8306e11a4774d610c5864e39
- https://git.kernel.org/stable/c/13c088cf3657d70893d75cf116be937f1509cc0f
- https://git.kernel.org/stable/c/195e806b2afb0bad6470c9094f7e45e0cf109ee0
- https://git.kernel.org/stable/c/2843a2e703f5cb85c9eeca11b7ee90861635a010
- https://git.kernel.org/stable/c/6d8a71e4c3a2fa4960cc50996e76a42b62fab677
- https://git.kernel.org/stable/c/ad249aa3c38f329f91fba8b4b3cd087e79fb0ce8
- https://git.kernel.org/stable/c/ce69eac840db0b559994dc4290fce3d7c0d7bccd



