DEBIAN-CVE-2023-54104

DEBIAN-CVE-2023-54104 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() 'op-cs' is copied in 'fun->mchip_number' which is used to access the 'mchip_offsets' and the 'rnb_gpio' arrays. These arrays have NAND_MAX_CHIPS elements, so the index must be below this limit. Fix the sanity check in order to avoid the NAND_MAX_CHIPS value. This would lead to out-of-bound accesses.

Affected Products

Vendor	Product	Versions
Debian:12	linux	6.1.38-2, 6.1.38-4~bpo11+1, 0
Debian:14	linux	0, 0, 0
Debian:11	linux	5.10.148-1, 5.10.162-1, 5.10.158-2
Debian:13	linux	0, 0, 0

Timeline

Dec 24, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-54104 advisory

Open in Interactive Console →