VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Apr 15, 2026

CVE-2023-53768

CVE-2023-53768

Description

In the Linux kernel, the following vulnerability has been resolved:

regmap-irq: Fix out-of-bounds access when allocating config buffers

When allocating the 2D array for handling IRQ type registers in regmap_add_irq_chip_fwnode(), the intent is to allocate a matrix with num_config_bases rows and num_config_regs columns.

This is currently handled by allocating a buffer to hold a pointer for each row (i.e. num_config_bases). After that, the logic attempts to allocate the memory required to hold the register configuration for each row. However, instead of doing this allocation for each row (i.e. num_config_bases allocations), the logic erroneously does this allocation num_config_regs number of times.

This scenario can lead to out-of-bounds accesses when num_config_regs is greater than num_config_bases. Fix this by updating the terminating condition of the loop that allocates the memory for holding the register configuration to allocate memory only for each row in the matrix.

Amit Pundir reported a crash that was occurring on his db845c device due to memory corruption (see "Closes" tag for Amit's report). The KASAN report below helped narrow it down to this issue:

[ 14.033877][ T1] ================================================================== [ 14.042507][ T1] BUG: KASAN: invalid-access in regmap_add_irq_chip_fwnode+0x594/0x1364 [ 14.050796][ T1] Write of size 8 at addr 06ffff8081021850 by task init/1

[ 14.242004][ T1] The buggy address belongs to the object at ffffff8081021850 [ 14.242004][ T1] which belongs to the cache kmalloc-8 of size 8 [ 14.255669][ T1] The buggy address is located 0 bytes inside of [ 14.255669][ T1] 8-byte region [ffffff8081021850, ffffff8081021858)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's regmap-irq, an out-of-bounds write occurs when allocating config buffers due to a loop bound error, leading to memory corruption.

Vulnerability

Description

CVE-2023-53768 is a memory safety issue in the Linux kernel's regmap-irq subsystem. The bug resides in the regmap_add_irq_chip_fwnode() function when allocating a 2D array for IRQ type registers. The intended allocation is a matrix with num_config_bases rows and num_config_regs columns. However, a loop that allocates memory for each row erroneously iterates num_config_regs times instead of num_config_bases times, leading to out-of-bounds writes when num_config_regs exceeds num_config_bases [1][2][3].

Exploitation

An attacker would need to trigger the allocation path in regmap_add_irq_chip_fwnode() with a device tree or ACPI configuration that specifies more config registers than config bases. This can occur during normal system initialization when the kernel probes a device that uses regmap-irq with such a mismatch. No special privileges are required beyond the ability to influence the hardware description (e.g., via a malicious firmware or device tree blob). The KASAN report from Amit Pundir on a db845c device confirms the crash is triggered at boot time [1].

Impact

Successful exploitation results in memory corruption beyond the allocated buffer. The KASAN report shows a write of size 8 to a kmalloc-8 object, indicating a heap overflow. This can lead to system instability, denial of service, or potentially arbitrary code execution, depending on the corrupted data structures. The crash reported by Amit Pundir demonstrates that the bug can cause a system hang or hang [1].

Mitigation

The fix has been applied to the Linux kernel stable branches. Patches are available in commits [1], [2], and [3] for different stable kernel versions. Users should update their kernel to a kernel containing the fix. No workaround is available other than applying the patch.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

3
b1a726ad33e5
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
6e7b2337ecd0
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
963b54df82b6
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.