CVE-2023-54285

Advisory lineage Upstream: 0 Downstream: 12

Downstream

DEBIAN-CVE-2023-54285 DLA-4476-1 DSA-6127-1 SUSE-SU-2026:0278-1 SUSE-SU-2026:0281-1 SUSE-SU-2026:0293-1

Analyzed

Published: 30 Dec 2025, 12:23

Last modified:23 May 2026, 15:35

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Dec 2025, 12:23

Published

Vulnerability first disclosed

23 May 2026, 15:35

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: iomap: Fix possible overflow condition in iomap_write_delalloc_scan folio_next_index() returns an unsigned long value which left shifted by PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead use folio_pos(folio) + folio_size(folio), which does this correctly.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
38be53c3fd7f4f4bd5de319a323d72f9f6beb16d | ≥ 38be53c3fd7f4f4bd5de319a323d72f9f6beb16d, < 0c6cf409093f307ee05114f834516730c0da5b21 | ≥ f43dc4dc3eff028b5ddddd99f3a66c5a6bdd4e78, < 5c281b0c5d18c8eeb1cfd5023f4adb153e6d1240 | ≥ f43dc4dc3eff028b5ddddd99f3a66c5a6bdd4e78, < eee2d2e6ea5550118170dbd5bb1316ceb38455fb | ≥ 6.1.92, < 6.1.162 | 6.2
linux•linux_kernel
≥ 6.1.92, < 6.1.162 | ≥ 6.2, < 6.5.5