DEBIAN-CVE-2023-53703

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-53703

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53703.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-53703

Upstream

CVE-2023-53703

Published

2025-10-22T14:15:44.873Z

Modified

2025-11-17T04:27:59.487281Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix for shift-out-of-bounds Shift operation of 'exp' and 'shift' variables exceeds the maximum number of shift values in the u32 range leading to UBSAN shift-out-of-bounds. ... [ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh11/amdsfhdesc.c:149:50 [ 6.120598] shift exponent 104 is too large for 64-bit type 'long unsigned int' [ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd1-next-20230519-dirty #10 [ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFHwithHPDSEN.FD 04/05/2023 [ 6.120667] Workqueue: events amdsfhworkbuffer [amdsfh] [ 6.120687] Call Trace: [ 6.120690] <TASK> [ 6.120694] dumpstacklvl+0x48/0x70 [ 6.120704] dumpstack+0x10/0x20 [ 6.120707] ubsanepilogue+0x9/0x40 [ 6.120716] _ubsanhandleshiftoutofbounds+0x10f/0x170 [ 6.120720] ? psigroupchange+0x25f/0x4b0 [ 6.120729] floattoint.cold+0x18/0xba [amdsfh] [ 6.120739] getinputrep+0x57/0x340 [amdsfh] [ 6.120748] ? _schedule+0xba7/0x1b60 [ 6.120756] ? _pfxgetinputrep+0x10/0x10 [amdsfh] [ 6.120764] amdsfhworkbuffer+0x91/0x180 [amdsfh] [ 6.120772] processonework+0x229/0x430 [ 6.120780] workerthread+0x4a/0x3c0 [ 6.120784] ? _pfxworkerthread+0x10/0x10 [ 6.120788] kthread+0xf7/0x130 [ 6.120792] ? _pfxkthread+0x10/0x10 [ 6.120795] retfromfork+0x29/0x50 [ 6.120804] </TASK> ... Fix this by adding the condition to validate shift ranges.

References

https://security-tracker.debian.org/tracker/CVE-2023-53703

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.52-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53703.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53703.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-53703.json"