CVE-2023-53238

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-53238
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53238.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53238
Downstream
Related
Published
2025-09-15T14:22:12.160Z
Modified
2026-03-20T12:33:02.482030Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
Details

In the Linux kernel, the following vulnerability has been resolved:

phy: hisilicon: Fix an out of bounds check in hisiinnophy_probe()

The size of array 'priv->ports[]' is INNOPHYPORT_NUM.

In the for loop, 'i' is used as the index for array 'priv->ports[]' with a check (i > INNOPHYPORTNUM) which indicates that INNOPHYPORTNUM is allowed value for 'i' in the same loop.

This > comparison needs to be changed to >=, otherwise it potentially leads to an out of bounds write on the next iteration through the loop

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53238.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ba8b0ee81fbbc249e60f84bf097bd56e8047c742
Fixed
2843a2e703f5cb85c9eeca11b7ee90861635a010
Fixed
195e806b2afb0bad6470c9094f7e45e0cf109ee0
Fixed
ad249aa3c38f329f91fba8b4b3cd087e79fb0ce8
Fixed
6d8a71e4c3a2fa4960cc50996e76a42b62fab677
Fixed
01cb355bb92e8fcf8306e11a4774d610c5864e39
Fixed
ce69eac840db0b559994dc4290fce3d7c0d7bccd
Fixed
13c088cf3657d70893d75cf116be937f1509cc0f

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53238.json"