CVE-2023-53708

Summary

In the Linux kernel, the following vulnerability has been resolved:

ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects

If a badly constructed firmware includes multiple ACPI_TYPE_PACKAGE objects while evaluating the AMD LPS0 _DSM, there will be a memory leak. Explicitly guard against this.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux146f1ed852a87b802ed6e71c31e189c64871383c < 7b7964cd9db30bc84808a40d13a0633b4313f149affected
LinuxLinux146f1ed852a87b802ed6e71c31e189c64871383c < 1ea7e47807279369c82718efd2677ea25c6579e3affected
LinuxLinux146f1ed852a87b802ed6e71c31e189c64871383c < 9e8bbde9293151430884aed882a88eaa22298f72affected
LinuxLinux146f1ed852a87b802ed6e71c31e189c64871383c < 883cf0d4cf288313b71146ddebdf5d647b76c78baffected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.15.133 <= 5.15.*unaffected
LinuxLinux6.1.55 <= 6.1.*unaffected
LinuxLinux6.5.5 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

References