SB20250916368 - Out-of-bounds write in Linux kernel mtd ubi driver
Published: September 16, 2025
Updated: September 22, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2023-53265)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the io_init() function in drivers/mtd/ubi/build.c. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1b42b1a36fc946f0d7088425b90d491b4257ca3e
- https://git.kernel.org/stable/c/61aeba0e4b4124cfe3c5427feaf29c626dfa89e5
- https://git.kernel.org/stable/c/61e04db3bec87f7dd10074296deb7d083e2ccade
- https://git.kernel.org/stable/c/701bb3ed5a88a73ebbe1266895bdeff065226dca
- https://git.kernel.org/stable/c/771e207a839a29ba943e89f473b0fecd16089e2e
- https://git.kernel.org/stable/c/846bfba34175c23b13cc2023c2d67b96e8c14c43
- https://git.kernel.org/stable/c/e1b73fe4f4c6bb80755eb4bf4b867a8fd8b1a7fe
- https://git.kernel.org/stable/c/f7adb740f97b6fa84e658892dcb08e37a31a4e77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.235