CVE-2023-54104

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Linux kernel related to out-of-bounds access within the fun exec op() function in the rawnand/fsl upm module. The op-cs value is copied into fun->mchip number, which is then used to access the mchip offsets and rnb gpio arrays. These arrays are limited to NAND MAX CHIPS elements, and the sanity check was insufficient, potentially allowing access beyond this limit. This could lead to out-of-bounds reads or writes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

BDU:2026-04185

CVE-2023-54104

SUSE-SU-2026:0263-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

Affected Products

Linux Kernel

CVE-2023-54104

Weakness Enumeration

Related Identifiers

Affected Products

References · 2183