{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53598", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-04T15:40:38.479Z", "datePublished": "2025-10-04T15:44:10.380Z", "dateUpdated": "2025-10-04T15:44:10.380Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-04T15:44:10.380Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Range check CHDBOFF and ERDBOFF\n\nIf the value read from the CHDBOFF and ERDBOFF registers is outside the\nrange of the MHI register space then an invalid address might be computed\nwhich later causes a kernel panic. Range check the read value to prevent\na crash due to bad data from the device."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bus/mhi/host/init.c"], "versions": [{"version": "6cd330ae76ffd5c8f6294c423cabde7eeef1b40c", "lessThan": "372f1752b74572b0a9d2288841eab7db17daccae", "status": "affected", "versionType": "git"}, {"version": "6cd330ae76ffd5c8f6294c423cabde7eeef1b40c", "lessThan": "2343385fe6eed11d0432ab42a97b3ca4aef06a99", "status": "affected", "versionType": "git"}, {"version": "6cd330ae76ffd5c8f6294c423cabde7eeef1b40c", "lessThan": "a2cbb1a45a0c86ce77839c0875414efe1a89315e", "status": "affected", "versionType": "git"}, {"version": "6cd330ae76ffd5c8f6294c423cabde7eeef1b40c", "lessThan": "83bf6b87e2dd053d95d89eb2f01ae885f9e568db", "status": "affected", "versionType": "git"}, {"version": "6cd330ae76ffd5c8f6294c423cabde7eeef1b40c", "lessThan": "4e584127ec2bd42a37c88badb49df409f21fa40a", "status": "affected", "versionType": "git"}, {"version": "6cd330ae76ffd5c8f6294c423cabde7eeef1b40c", "lessThan": "6a0c637bfee69a74c104468544d9f2a6579626d0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/bus/mhi/host/init.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.192", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.112", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.28", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.15", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.2", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.10.192"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.15.112"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.1.28"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.2.15"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.3.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/372f1752b74572b0a9d2288841eab7db17daccae"}, {"url": "https://git.kernel.org/stable/c/2343385fe6eed11d0432ab42a97b3ca4aef06a99"}, {"url": "https://git.kernel.org/stable/c/a2cbb1a45a0c86ce77839c0875414efe1a89315e"}, {"url": "https://git.kernel.org/stable/c/83bf6b87e2dd053d95d89eb2f01ae885f9e568db"}, {"url": "https://git.kernel.org/stable/c/4e584127ec2bd42a37c88badb49df409f21fa40a"}, {"url": "https://git.kernel.org/stable/c/6a0c637bfee69a74c104468544d9f2a6579626d0"}], "title": "bus: mhi: host: Range check CHDBOFF and ERDBOFF", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Range check CHDBOFF and ERDBOFF\n\nIf the value read from the CHDBOFF and ERDBOFF registers is outside the\nrange of the MHI register space then an invalid address might be computed\nwhich later causes a kernel panic. Range check the read value to prevent\na crash due to bad data from the device."}], "id": "CVE-2023-53598", "lastModified": "2025-10-06T14:56:21.733", "metrics": {}, "published": "2025-10-04T16:15:56.383", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2343385fe6eed11d0432ab42a97b3ca4aef06a99"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/372f1752b74572b0a9d2288841eab7db17daccae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4e584127ec2bd42a37c88badb49df409f21fa40a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6a0c637bfee69a74c104468544d9f2a6579626d0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/83bf6b87e2dd053d95d89eb2f01ae885f9e568db"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a2cbb1a45a0c86ce77839c0875414efe1a89315e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: bus: mhi: host: Range check CHDBOFF and ERDBOFF", "id": "2401500", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401500"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbus: mhi: host: Range check CHDBOFF and ERDBOFF\nIf the value read from the CHDBOFF and ERDBOFF registers is outside the\nrange of the MHI register space then an invalid address might be computed\nwhich later causes a kernel panic. Range check the read value to prevent\na crash due to bad data from the device."], "name": "CVE-2023-53598", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhivos:1", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat In-Vehicle Operating System 1"}], "public_date": "2025-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53598\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53598\nhttps://lore.kernel.org/linux-cve-announce/2025100429-CVE-2023-53598-cbd8@gregkh/T"], "threat_severity": "Moderate"}