{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53541", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-04T15:14:15.920Z", "datePublished": "2025-10-04T15:16:50.765Z", "dateUpdated": "2025-10-04T15:16:50.765Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-04T15:16:50.765Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mtd/nand/raw/brcmnand/brcmnand.c"], "versions": [{"version": "27c5b17cd1b10564fa36f8f51e4b4b41436ecc32", "lessThan": "2bc3d6ac704ea7263175ea3da663fdbbb7f3dd8b", "status": "affected", "versionType": "git"}, {"version": "27c5b17cd1b10564fa36f8f51e4b4b41436ecc32", "lessThan": "14b1d00520b4d6a4818364334ce472b79cfc8976", "status": "affected", "versionType": "git"}, {"version": "27c5b17cd1b10564fa36f8f51e4b4b41436ecc32", "lessThan": "aae45746f4aee9818296e0500e0703e9d8caa5b8", "status": "affected", "versionType": "git"}, {"version": "27c5b17cd1b10564fa36f8f51e4b4b41436ecc32", "lessThan": "d00b031266514a9395124704630b056a5185ec17", "status": "affected", "versionType": "git"}, {"version": "27c5b17cd1b10564fa36f8f51e4b4b41436ecc32", "lessThan": "2353b7bb61e45e7cfd21505d0c6747ac8c9496a1", "status": "affected", "versionType": "git"}, {"version": "27c5b17cd1b10564fa36f8f51e4b4b41436ecc32", "lessThan": "45fe4ad7f439799ee1b7b5f80bf82e8b34a98d25", "status": "affected", "versionType": "git"}, {"version": "27c5b17cd1b10564fa36f8f51e4b4b41436ecc32", "lessThan": "648d1150a688698e37f7aaf302860180901cb30e", "status": "affected", "versionType": "git"}, {"version": "27c5b17cd1b10564fa36f8f51e4b4b41436ecc32", "lessThan": "5d53244186c9ac58cb88d76a0958ca55b83a15cd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/mtd/nand/raw/brcmnand/brcmnand.c"], "versions": [{"version": "4.2", "status": "affected"}, {"version": "0", "lessThan": "4.2", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.326", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.295", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.257", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.195", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.132", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.54", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.4", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "4.14.326"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "4.19.295"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "5.4.257"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "5.10.195"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "5.15.132"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.1.54"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.5.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "6.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2bc3d6ac704ea7263175ea3da663fdbbb7f3dd8b"}, {"url": "https://git.kernel.org/stable/c/14b1d00520b4d6a4818364334ce472b79cfc8976"}, {"url": "https://git.kernel.org/stable/c/aae45746f4aee9818296e0500e0703e9d8caa5b8"}, {"url": "https://git.kernel.org/stable/c/d00b031266514a9395124704630b056a5185ec17"}, {"url": "https://git.kernel.org/stable/c/2353b7bb61e45e7cfd21505d0c6747ac8c9496a1"}, {"url": "https://git.kernel.org/stable/c/45fe4ad7f439799ee1b7b5f80bf82e8b34a98d25"}, {"url": "https://git.kernel.org/stable/c/648d1150a688698e37f7aaf302860180901cb30e"}, {"url": "https://git.kernel.org/stable/c/5d53244186c9ac58cb88d76a0958ca55b83a15cd"}], "title": "mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters."}], "id": "CVE-2023-53541", "lastModified": "2025-10-06T14:56:21.733", "metrics": {}, "published": "2025-10-04T16:15:49.160", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/14b1d00520b4d6a4818364334ce472b79cfc8976"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2353b7bb61e45e7cfd21505d0c6747ac8c9496a1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2bc3d6ac704ea7263175ea3da663fdbbb7f3dd8b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/45fe4ad7f439799ee1b7b5f80bf82e8b34a98d25"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5d53244186c9ac58cb88d76a0958ca55b83a15cd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/648d1150a688698e37f7aaf302860180901cb30e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aae45746f4aee9818296e0500e0703e9d8caa5b8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d00b031266514a9395124704630b056a5185ec17"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write", "id": "2401519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401519"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters."], "name": "CVE-2023-53541", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhivos:1", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat In-Vehicle Operating System 1"}], "public_date": "2025-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53541\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53541\nhttps://lore.kernel.org/linux-cve-announce/2025100444-CVE-2023-53541-d961@gregkh/T"], "threat_severity": "Moderate"}