CVE-2023-54198

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the tty driver lookup tty() function that can lead to an out-of-bounds access. This occurs when an invalid console device is specified, such as console=tty3270. The function returns a tty struct without validating the index, potentially causing a kernel crash. The issue can be reproduced using QEMU with a specific kernel and command-line arguments. The crash results in a kernel NULL pointer dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.