{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:53:06.168","vulnerabilities":[{"cve":{"id":"CVE-2023-53768","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-08T02:15:52.797","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nregmap-irq: Fix out-of-bounds access when allocating config buffers\n\nWhen allocating the 2D array for handling IRQ type registers in\nregmap_add_irq_chip_fwnode(), the intent is to allocate a matrix\nwith num_config_bases rows and num_config_regs columns.\n\nThis is currently handled by allocating a buffer to hold a pointer for\neach row (i.e. num_config_bases). After that, the logic attempts to\nallocate the memory required to hold the register configuration for\neach row. However, instead of doing this allocation for each row\n(i.e. num_config_bases allocations), the logic erroneously does this\nallocation num_config_regs number of times.\n\nThis scenario can lead to out-of-bounds accesses when num_config_regs\nis greater than num_config_bases. Fix this by updating the terminating\ncondition of the loop that allocates the memory for holding the register\nconfiguration to allocate memory only for each row in the matrix.\n\nAmit Pundir reported a crash that was occurring on his db845c device\ndue to memory corruption (see \"Closes\" tag for Amit's report). The KASAN\nreport below helped narrow it down to this issue:\n\n[   14.033877][    T1] ==================================================================\n[   14.042507][    T1] BUG: KASAN: invalid-access in regmap_add_irq_chip_fwnode+0x594/0x1364\n[   14.050796][    T1] Write of size 8 at addr 06ffff8081021850 by task init/1\n\n[   14.242004][    T1] The buggy address belongs to the object at ffffff8081021850\n[   14.242004][    T1]  which belongs to the cache kmalloc-8 of size 8\n[   14.255669][    T1] The buggy address is located 0 bytes inside of\n[   14.255669][    T1]  8-byte region [ffffff8081021850, ffffff8081021858)"}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/6e7b2337ecd028bd888a1a0be4115b8a88faf838","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/963b54df82b6d6206d7def273390bf3f7af558e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/b1a726ad33e585e3d9fa70712df31ae105e4532c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}