PT-2025-41090 · Linux+3 · Linux Kernel+3

Published: 2023-11-07 · Updated: 2025-11-28 · CVE-2023-53646

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.4.0-kasan 438-g3303d06107f3+
Description

The Linux kernel contains an issue in the drm/i915/perf subsystem in the handling of arrays passed to reg_in_range_table. These arrays were not terminated with an empty record, leading to a potential out-of-bounds read when validating addresses with the xehp_is_valid_b_counter_addr function. The Kernel Address Sanitizer (KASAN) detected the bug. The issue was addressed by adding a sentinel to xehp_oa_b_counters.
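The failure mode in the description, as an added C example that is not the kernel's code: the struct, the table contents and `range_lookup` are hypothetical stand-ins. The walk carries an explicit length (an assumption added here) so that the point where an unterminated table would be read past its end is reported instead of executed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the driver's range record; {0, 0} is the empty record. */
struct range { uint32_t start, end; };

/* Constructed sample ranges, not real register offsets. */
static const struct range unterminated[] = {
	{ 0x1000, 0x10ff },
	{ 0x2000, 0x20ff },
};
static const struct range terminated[] = {
	{ 0x1000, 0x10ff },
	{ 0x2000, 0x20ff },
	{ 0, 0 },	/* sentinel: the walk stops here */
};
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

enum lookup { LOOKUP_MISS, LOOKUP_HIT, LOOKUP_OVERRUN };

/*
 * Sentinel-terminated walk. `len` is the true array length; reaching it
 * without having seen the empty record is where an unbounded loop would
 * read memory beyond the array.
 */
static enum lookup range_lookup(uint32_t addr, const struct range *t, size_t len)
{
	for (size_t i = 0; ; i++) {
		if (i == len)
			return LOOKUP_OVERRUN;
		if (!t[i].start && !t[i].end)
			return LOOKUP_MISS;
		if (addr >= t[i].start && addr <= t[i].end)
			return LOOKUP_HIT;
	}
}

int main(void)
{
	/* A hit returns early, so only an address matching no range reaches the end. */
	printf("hit, no sentinel:  %d\n", range_lookup(0x1010, unterminated, LEN(unterminated)));
	printf("miss, no sentinel: %d\n", range_lookup(0x3000, unterminated, LEN(unterminated)));
	printf("miss, sentinel:    %d\n", range_lookup(0x3000, terminated, LEN(terminated)));
	return 0;
}
```

Only the lookup of an address outside every listed range walks off the unterminated table, which is why the defect shows up under KASAN rather than in ordinary use of in-range addresses.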
Recommendations

Update to version 6.4.0-kasan 438-g3303d06107f3+ or later to resolve this issue.


Related Identifiers

ALSA-2025_16880
CESA-2023_7077
CVE-2023-53646
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077
RHSA-2024:2394
RHSA-2024_2394
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4301-1

Affected Products

CentOS
Linux Kernel
Red Hat
SUSE