Bug 2401500 (CVE-2023-53598)

Summary: CVE-2023-53598 kernel: bus: mhi: host: Range check CHDBOFF and ERDBOFF
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A missing bounds check flaw was found in the Linux kernel's Modem Host Interface bus driver in the channel doorbell offset validation logic. A local user can trigger this issue on systems with MHI devices (typically Qualcomm modems or wireless cards) by using a device that provides malformed or malicious channel configuration data during initialization, causing an out-of-bounds array access. This leads to kernel memory corruption resulting in a panic or denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-10-04 16:04:12 UTC 
In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: host: Range check CHDBOFF and ERDBOFF

If the value read from the CHDBOFF and ERDBOFF registers is outside the
range of the MHI register space then an invalid address might be computed
which later causes a kernel panic.  Range check the read value to prevent
a crash due to bad data from the device.
Comment 1 Alexander B 2025-10-06 15:14:02 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100429-CVE-2023-53598-cbd8@gregkh/T