CVE-2023-54057
iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
24 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter
The 'acpiid' buffer in the parse_ivrs_acpihid function may overflow,
because the string specifier in the format string sscanf()
has no width limitation.
Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.
Affected products
Linux · LinuxReferences
https://git.kernel.org/stable/c/2ae19ac3ea82a5b87a81c10adbb497c9e58bdd60https://git.kernel.org/stable/c/5e97dc748d13fad582136ba0c8cec215c7aeeb17https://git.kernel.org/stable/c/63cd11165e5e0ea2012254c764003eda1f9adb7dhttps://git.kernel.org/stable/c/b6b26d86c61c441144c72f842f7469bb686e1211https://git.kernel.org/stable/c/c513043e0afe6a8ba79d00af358655afabb576d2https://git.kernel.org/stable/c/f2a5ec7f7b28f9b9cd5fac232ff51019a7f7b9e9