Home

Description

In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in tty_driver_lookup_tty() When specifying an invalid console= device like console=tty3270, tty_driver_lookup_tty() returns the tty struct without checking whether index is a valid number. To reproduce: qemu-system-x86_64 -enable-kvm -nographic -serial mon:stdio \ -kernel ../linux-build-x86/arch/x86/boot/bzImage \ -append "console=ttyS0 console=tty3270" This crashes with: [ 0.770599] BUG: kernel NULL pointer dereference, address: 00000000000000ef [ 0.771265] #PF: supervisor read access in kernel mode [ 0.771773] #PF: error_code(0x0000) - not-present page [ 0.772609] Oops: 0000 [#1] PREEMPT SMP PTI [ 0.774878] RIP: 0010:tty_open+0x268/0x6f0 [ 0.784013] chrdev_open+0xbd/0x230 [ 0.784444] ? cdev_device_add+0x80/0x80 [ 0.784920] do_dentry_open+0x1e0/0x410 [ 0.785389] path_openat+0xca9/0x1050 [ 0.785813] do_filp_open+0xaa/0x150 [ 0.786240] file_open_name+0x133/0x1b0 [ 0.786746] filp_open+0x27/0x50 [ 0.787244] console_on_rootfs+0x14/0x4d [ 0.787800] kernel_init_freeable+0x1e4/0x20d [ 0.788383] ? rest_init+0xc0/0xc0 [ 0.788881] kernel_init+0x11/0x120 [ 0.789356] ret_from_fork+0x22/0x30

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2025-12-30 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 3df6f492f500a16c231f07ccc6f6ed1302caddf9
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before b79109d6470aaae7062998353e3a19449055829d
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 953a4a352a0c185460ae1449e4c6e6658e55fdfc
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 84ea44dc3e4ecb2632586238014bf6722aa5843b
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before f9d9d25ad1f0d060eaf297a2f7f03b5855a45561
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 765566110eb0da3cf60198b0165ecceeaafa6444
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before fcfeaa570f7a5c2d5f4f14931909531ff18b7fde
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before db4df8e9d79e7d37732c1a1b560958e8dadfefa1
affected

Default status
affected

4.14.308 (semver)
unaffected

4.19.276 (semver)
unaffected

5.4.235 (semver)
unaffected

5.10.173 (semver)
unaffected

5.15.100 (semver)
unaffected

6.1.18 (semver)
unaffected

6.2.5 (semver)
unaffected

6.3 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/3df6f492f500a16c231f07ccc6f6ed1302caddf9

git.kernel.org/...c/b79109d6470aaae7062998353e3a19449055829d

git.kernel.org/...c/953a4a352a0c185460ae1449e4c6e6658e55fdfc

git.kernel.org/...c/84ea44dc3e4ecb2632586238014bf6722aa5843b

git.kernel.org/...c/f9d9d25ad1f0d060eaf297a2f7f03b5855a45561

git.kernel.org/...c/765566110eb0da3cf60198b0165ecceeaafa6444

git.kernel.org/...c/fcfeaa570f7a5c2d5f4f14931909531ff18b7fde

git.kernel.org/...c/db4df8e9d79e7d37732c1a1b560958e8dadfefa1

cve.org (CVE-2023-54198)

nvd.nist.gov (CVE-2023-54198)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.