SecuriTricks - CVE-2023-53274

Description

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt8183: Add back SSPM related clocks This reverts commit 860690a93ef23b567f781c1b631623e27190f101. On the MT8183, the SSPM related clocks were removed claiming a lack of usage. This however causes some issues when the driver was converted to the new simple-probe mechanism. This mechanism allocates enough space for all the clocks defined in the clock driver, not the highest index in the DT binding. This leads to out-of-bound writes if their are holes in the DT binding or the driver (due to deprecated or unimplemented clocks). These errors can go unnoticed and cause memory corruption, leading to crashes in unrelated areas, or nothing at all. KASAN will detect them. Add the SSPM related clocks back to the MT8183 clock driver to fully implement the DT binding. The SSPM clocks are for the power management co-processor, and should never be turned off. They are marked as such.

Product(s) Impacted

Vendor	Product	Versions
Mediatek	Mt8183	*
Linux	Linux Kernel	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	mediatek	mt8183	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/

References

https://git.kernel.org/stable/c/1eb8d61ac5c9c7ec56bb96d433532807509b9288

https://git.kernel.org/stable/c/45d69917a4af6c869193f95932dc6d6f15d5ef86

Timeline

Published: Sept. 16, 2025, 8:15 a.m.
Last Modified: Sept. 16, 2025, 12:49 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE-2023-53274