Home

Description

In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM. In the for loop, 'i' is used as the index for array 'priv->ports[]' with a check (i > INNO_PHY_PORT_NUM) which indicates that INNO_PHY_PORT_NUM is allowed value for 'i' in the same loop. This > comparison needs to be changed to >=, otherwise it potentially leads to an out of bounds write on the next iteration through the loop

PUBLISHED Reserved 2025-09-15 | Published 2025-09-15 | Updated 2025-09-15 | Assigner Linux

Product status

Default status
unaffected

ba8b0ee81fbbc249e60f84bf097bd56e8047c742 (git) before 2843a2e703f5cb85c9eeca11b7ee90861635a010
affected

ba8b0ee81fbbc249e60f84bf097bd56e8047c742 (git) before 195e806b2afb0bad6470c9094f7e45e0cf109ee0
affected

ba8b0ee81fbbc249e60f84bf097bd56e8047c742 (git) before ad249aa3c38f329f91fba8b4b3cd087e79fb0ce8
affected

ba8b0ee81fbbc249e60f84bf097bd56e8047c742 (git) before 6d8a71e4c3a2fa4960cc50996e76a42b62fab677
affected

ba8b0ee81fbbc249e60f84bf097bd56e8047c742 (git) before 01cb355bb92e8fcf8306e11a4774d610c5864e39
affected

ba8b0ee81fbbc249e60f84bf097bd56e8047c742 (git) before ce69eac840db0b559994dc4290fce3d7c0d7bccd
affected

ba8b0ee81fbbc249e60f84bf097bd56e8047c742 (git) before 13c088cf3657d70893d75cf116be937f1509cc0f
affected

Default status
affected

4.17
affected

Any version before 4.17
unaffected

4.19.291 (semver)
unaffected

5.4.253 (semver)
unaffected

5.10.190 (semver)
unaffected

5.15.124 (semver)
unaffected

6.1.43 (semver)
unaffected

6.4.8 (semver)
unaffected

6.5 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/2843a2e703f5cb85c9eeca11b7ee90861635a010

git.kernel.org/...c/195e806b2afb0bad6470c9094f7e45e0cf109ee0

git.kernel.org/...c/ad249aa3c38f329f91fba8b4b3cd087e79fb0ce8

git.kernel.org/...c/6d8a71e4c3a2fa4960cc50996e76a42b62fab677

git.kernel.org/...c/01cb355bb92e8fcf8306e11a4774d610c5864e39

git.kernel.org/...c/ce69eac840db0b559994dc4290fce3d7c0d7bccd

git.kernel.org/...c/13c088cf3657d70893d75cf116be937f1509cc0f

cve.org (CVE-2023-53238)

nvd.nist.gov (CVE-2023-53238)

Download JSON