CVE-2023-54198
tty: fix out-of-bounds access in tty_driver_lookup_tty()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in tty_driver_lookup_tty() When specifying an invalid console= device like console=tty3270,
tty_driver_lookup_tty() returns the tty struct without checking
whether index is a valid number. To reproduce: qemu-system-x86_64 -enable-kvm -nographic -serial mon:stdio \n-kernel ../linux-build-x86/arch/x86/boot/bzImage \n-append "console=ttyS0 console=tty3270" This crashes with: [ 0.770599] BUG: kernel NULL pointer dereference, address: 00000000000000ef
[ 0.771265] #PF: supervisor read access in kernel mode
[ 0.771773] #PF: error_code(0x0000) - not-present page
[ 0.772609] Oops: 0000 [#1] PREEMPT SMP PTI
[ 0.774878] RIP: 0010:tty_open+0x268/0x6f0
[ 0.784013] chrdev_open+0xbd/0x230
[ 0.784444] ? cdev_device_add+0x80/0x80
[ 0.784920] do_dentry_open+0x1e0/0x410
[ 0.785389] path_openat+0xca9/0x1050
[ 0.785813] do_filp_open+0xaa/0x150
[ 0.786240] file_open_name+0x133/0x1b0
[ 0.786746] filp_open+0x27/0x50
[ 0.787244] console_on_rootfs+0x14/0x4d
[ 0.787800] kernel_init_freeable+0x1e4/0x20d
[ 0.788383] ? rest_init+0xc0/0xc0
[ 0.788881] kernel_init+0x11/0x120
[ 0.789356] ret_from_fork+0x22/0x30
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2025-12-30 CVE Reserved
- 2025-12-30 CVE Published
- 2026-01-05 CVE Updated
- 2026-01-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/99f1fe189daf8e99a847e420567e49dd7ee2aae7 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.28 < 4.14.308 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 4.14.308" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.28 < 4.19.276 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 4.19.276" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.28 < 5.4.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 5.4.235" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.28 < 5.10.173 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 5.10.173" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.28 < 5.15.100 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 5.15.100" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.28 < 6.1.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 6.1.18" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.28 < 6.2.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 6.2.5" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.28 < 6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.28 < 6.3" | en |
Affected
| ||||||