Out-of-bounds write in Linux kernel - CVE-2023-53474
Published: October 1, 2025 / Updated: October 27, 2025
Vulnerability identifier: #VU116271
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-53474
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the DEFINE_PER_CPU(), smca_set_misc_banks_map(), smca_get_block_address(), prepare_threshold_block(), amd_threshold_interrupt() and mce_threshold_create_device() functions in arch/x86/kernel/cpu/mce/amd.c. A local user can execute arbitrary code.
How to mitigate CVE-2023-53474
Install update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/11c58a0c1937c157dbdf82d5ab634d68c99f3098
- https://git.kernel.org/stable/c/4c1cdec319b9aadb65737c3eb1f5cb74bd6aa156
- https://git.kernel.org/stable/c/67bb7521b6420d81dab7538c0686f18f7d6d09f4
- https://git.kernel.org/stable/c/9669fa17287c3af2bbd4868d4c8fdd9e57f8332e
- https://git.kernel.org/stable/c/a9b9ea0e63a0ec5e97bf1219ab6dcbd55e362f83
- https://git.kernel.org/stable/c/ba8ffb1251eb629c2ec35220e3896cf4f7b888a7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.28