SB20250916335 - Buffer overflow in Linux kernel mtd ubi driver
Published: September 16, 2025 Updated: September 22, 2025
Security Bulletin ID
SB20250916335
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2023-53271)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ubi_resize_volume() function in drivers/mtd/ubi/vmt.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/07b60f7452d2fa731737552937cb81821919f874
- https://git.kernel.org/stable/c/09780a44093b53f9cbca76246af2e4ff0884e512
- https://git.kernel.org/stable/c/1e591ea072df7211f64542a09482b5f81cb3ad27
- https://git.kernel.org/stable/c/26ec2d66aecab8ff997b912c20247fedba4f5740
- https://git.kernel.org/stable/c/27b760b81951d8d5e5c952a696af8574052b0709
- https://git.kernel.org/stable/c/31d60afe2cc2b712dbefcaab6b7d6a47036f844e
- https://git.kernel.org/stable/c/5c0c81a313492b83bd0c038b8839b0e04eb87563
- https://git.kernel.org/stable/c/95a72417dd13ebcdcb1bd0c5d4d15f7c5bfbb288
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.100