CVE-2023-53487

Source
https://cve.org/CVERecord?id=CVE-2023-53487
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53487.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53487
Downstream
Related
Published
2025-10-01T11:42:54.747Z
Modified
2026-07-07T08:39:42.923919474Z
Summary
powerpc/rtas_flash: allow user copy to flash block cache objects
Details

In the Linux kernel, the following vulnerability has been resolved:

powerpc/rtas_flash: allow user copy to flash block cache objects

With hardened usercopy enabled (CONFIGHARDENEDUSERCOPY=y), using the /proc/powerpc/rtas/firmware_update interface to prepare a system firmware update yields a BUG():

kernel BUG at mm/usercopy.c:102! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGESIZE=64K MMU=Hash SMP NRCPUS=2048 NUMA pSeries Modules linked in: CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2 Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860146) hv:phyp pSeries NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000 REGS: c0000000148c76a0 TRAP: 0700 Not tainted (6.5.0-rc3+) MSR: 8000000000029033 <SF,EE,ME,IR,DR,RI,LE> CR: 24002242 XER: 0000000c CFAR: c0000000001fbd34 IRQMASK: 0 [ ... GPRs omitted ... ] NIP usercopyabort+0xa0/0xb0 LR usercopyabort+0x9c/0xb0 Call Trace: usercopyabort+0x9c/0xb0 (unreliable) __checkheapobject+0x1b4/0x1d0 __checkobjectsize+0x2d0/0x380 rtasflashwrite+0xe4/0x250 procregwrite+0xfc/0x160 vfswrite+0xfc/0x4e0 ksyswrite+0x90/0x160 systemcallexception+0x178/0x320 systemcallcommon+0x160/0x2c4

The blocks of the firmware image are copied directly from user memory to objects allocated from flashblockcache, so flashblockcache must be created using kmemcachecreate_usercopy() to mark it safe for user access.

[mpe: Trim and indent oops]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53487.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6d07d1cd300f4c7e16005f881fea388164999cc8
Fixed
8f09cc15dcd91d16562400c51d24c7be0d5796fa
Fixed
1d29e21ed09fa668416fa7721e08d451b9903485
Fixed
0ba7f969be599e21d4b1f1e947593de6515f4996
Fixed
8ef25fb13494e35c6dbe15445c7875fa92bc3e8b
Fixed
b8fee83aa4ed3846c7f50a0b364bc699f48d96e5
Fixed
6acb8a453388374fafb3c3b37534b675b2aa0ae1
Fixed
4f3175979e62de3b929bfa54a0db4b87d36257a7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53487.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.16.0
Fixed
4.19.293
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.255
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.192
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.128
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.47
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.4.12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53487.json"