{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53274", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-16T08:09:37.990Z", "datePublished": "2025-09-16T08:11:09.549Z", "dateUpdated": "2025-09-16T08:11:09.549Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-16T08:11:09.549Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: mt8183: Add back SSPM related clocks\n\nThis reverts commit 860690a93ef23b567f781c1b631623e27190f101.\n\nOn the MT8183, the SSPM related clocks were removed claiming a lack of\nusage. This however causes some issues when the driver was converted to\nthe new simple-probe mechanism. This mechanism allocates enough space\nfor all the clocks defined in the clock driver, not the highest index\nin the DT binding. This leads to out-of-bound writes if their are holes\nin the DT binding or the driver (due to deprecated or unimplemented\nclocks). These errors can go unnoticed and cause memory corruption,\nleading to crashes in unrelated areas, or nothing at all. KASAN will\ndetect them.\n\nAdd the SSPM related clocks back to the MT8183 clock driver to fully\nimplement the DT binding. The SSPM clocks are for the power management\nco-processor, and should never be turned off. They are marked as such."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/mediatek/clk-mt8183.c"], "versions": [{"version": "3f37ba7cc385ba07762ffcd7ac38af8c0f84dd3e", "lessThan": "45d69917a4af6c869193f95932dc6d6f15d5ef86", "status": "affected", "versionType": "git"}, {"version": "3f37ba7cc385ba07762ffcd7ac38af8c0f84dd3e", "lessThan": "1eb8d61ac5c9c7ec56bb96d433532807509b9288", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/mediatek/clk-mt8183.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.10", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.4.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/45d69917a4af6c869193f95932dc6d6f15d5ef86"}, {"url": "https://git.kernel.org/stable/c/1eb8d61ac5c9c7ec56bb96d433532807509b9288"}], "title": "clk: mediatek: mt8183: Add back SSPM related clocks", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: mt8183: Add back SSPM related clocks\n\nThis reverts commit 860690a93ef23b567f781c1b631623e27190f101.\n\nOn the MT8183, the SSPM related clocks were removed claiming a lack of\nusage. This however causes some issues when the driver was converted to\nthe new simple-probe mechanism. This mechanism allocates enough space\nfor all the clocks defined in the clock driver, not the highest index\nin the DT binding. This leads to out-of-bound writes if their are holes\nin the DT binding or the driver (due to deprecated or unimplemented\nclocks). These errors can go unnoticed and cause memory corruption,\nleading to crashes in unrelated areas, or nothing at all. KASAN will\ndetect them.\n\nAdd the SSPM related clocks back to the MT8183 clock driver to fully\nimplement the DT binding. The SSPM clocks are for the power management\nco-processor, and should never be turned off. They are marked as such."}], "id": "CVE-2023-53274", "lastModified": "2025-09-16T12:49:16.060", "metrics": {}, "published": "2025-09-16T08:15:36.243", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1eb8d61ac5c9c7ec56bb96d433532807509b9288"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/45d69917a4af6c869193f95932dc6d6f15d5ef86"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: clk: mediatek: mt8183: Add back SSPM related clocks", "id": "2395697", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395697"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2023-53274", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-09-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53274\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53274\nhttps://lore.kernel.org/linux-cve-announce/2025091623-CVE-2023-53274-4529@gregkh/T"], "threat_severity": "Moderate"}