VDB
CVE-2023-54139
CVE-2023-54139
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write() calls as the first 4 bytes. Ensure that it cannot be negative by returning -EINVAL to prevent out of bounds accesses. Update ftrace self-test to ensure this occurs properly.
EPSS 0.03% · 8.4th percentile
Risk Scores
EPSS Score
0.03%
8.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 6.1.28, 0, 6.2.15 |
| linux | linux_kernel | 5.18, 5.18, 5.18 |
Exploit Intelligence
- https://git.kernel.org/stable/c/0489c2b2c3104b89f078dbcec8c744dfc157d3e9 (circl)
- https://git.kernel.org/stable/c/4fe46b5adf18e3dc606e62c9e6a0413398a17572 (circl)
- https://git.kernel.org/stable/c/fa7f2f5d1739452280c22727c4384a52b72ab5de (circl)
- https://git.kernel.org/stable/c/cd98c93286a30cc4588dfd02453bec63c2f4acf4 (circl)
Timeline
- Dec 24, 2025 CVE Published
- Dec 25, 2025 EPSS Score
- Dec 29, 2025 EPSS Score
- Jan 1, 2026 EPSS Score
- Jan 5, 2026 EPSS Score
- Jan 9, 2026 EPSS Score
- Jan 12, 2026 EPSS Score
- Jan 16, 2026 EPSS Score
- Jan 20, 2026 EPSS Score
- Jan 23, 2026 EPSS Score
- Jan 27, 2026 EPSS Score
- Jan 31, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/0489c2b2c3104b89f078dbcec8c744dfc157d3e9 url
- https://git.kernel.org/stable/c/4fe46b5adf18e3dc606e62c9e6a0413398a17572 url
- https://git.kernel.org/stable/c/fa7f2f5d1739452280c22727c4384a52b72ab5de url
- https://git.kernel.org/stable/c/cd98c93286a30cc4588dfd02453bec63c2f4acf4 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-54139 advisory