VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54135

CVE-2023-54135

Description

In the Linux kernel, the following vulnerability has been resolved:

maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()

Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot array if the write extends to the last slot in the node, in which case the node maximum should be used as the end pivot.

akpm: this doesn't affect any current callers, but new users of mapletree may encounter this problem if backported into earlier kernels, so let's fix it in -stable kernels in case of this.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Fix for out-of-bounds pivot array access in Linux kernel maple tree's mas_wr_end_piv() when write extends to last slot.

Vulnerability

The mas_wr_end_piv() function in the Linux kernel's maple tree implementation lacked proper bounds checking on the write offset end before using it as an index into the pivot array. When a write operation extends to the last slot in a node, the code could access beyond the allocated pivot array, potentially causing an out-of-bounds read or write [1][2].

Exploitation

Currently, no in-tree callers trigger this path, so the vulnerability is not directly exploitable in upstream kernels. However, if the fix is backported into earlier stable kernels that may have new users of the maple tree, the issue could be triggered by those new callers. Exploitation would require a crafted write operation that exceeds the node's pivot boundaries [2].

Impact

An out-of-bounds access on the pivot array could lead to memory corruption, information disclosure, or system instability. Since the maple tree is used for memory management, any corruption could have wide-ranging effects on system security and stability [1].

Mitigation

The fix has been applied in stable kernel branches (as seen in commits [1] and [2]). Users are advised to update their kernels to the latest stable release that includes this patch. No workarounds are available other than applying the fix.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

4
4e2ad53ababe
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
dc4751bd4aba
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
f5fcf6555a2a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
cd00dd2585c4
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.