Input validation error in Linux kernel - CVE-2023-54255
Published: December 30, 2025
Vulnerability identifier: #VU120867
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-54255
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dma_find_base(), dma_base_addr() and sh_dmac_get_dma_residue() functions in arch/sh/drivers/dma/dma-sh.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2023-54255
Install update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/196f6c71905aa384c0177acf194a1144d480333b
- https://git.kernel.org/stable/c/479380acfa63247b5ac62476138f847aefc62692
- https://git.kernel.org/stable/c/4989627157735c1f1619f08e5bc1592418e7c878
- https://git.kernel.org/stable/c/8fb11fa4805699c6b73a9c8a9d45807f9874abe3
- https://git.kernel.org/stable/c/bca700b48c72f4ffeee977a2ed0eb4a6b4b7b8ad
- https://git.kernel.org/stable/c/d1c946552af299f4fa85bf7da15e328123771128
- https://git.kernel.org/stable/c/e82e47584847129a20b8c9f4a1dcde09374fb0e0
- https://git.kernel.org/stable/c/e9e33faea104381bac80ac79328f0540fc2969f2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.4