CVE-2023-54135 | maple_tree: fix potential out-of-bounds access in mas_wr_end_piv()

In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot array if the write extends to the last slot in the node, in which case the node maximum should be used as the end pivot. akpm: this doesn't affect any current callers, but new users of mapletree may encounter this problem if backported into earlier kernels, so let's fix it in -stable kernels in case of this.

Published: 2025-12-24 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2023-54135 is rated Low Risk (3.7/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-54135

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-25	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-54135

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2023-54135

OS Trackers for CVE-2023-54135

vendor	priority	summary	link
`debian`	unimportant	CVE-2023-54135 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2023-54135
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2023-54135
`suse`	medium	CVE-2023-54135 severity moderate: SUSE including 363 source package names (2.1.3-6.115:kernel-default-base-6.4.0-39.1.21.16, 2.1.3-7.95:kernel-default-6.4.0-39.1, …), 802 product×package rows across 152 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (152 product lines)): Fixed 342, Known Affected 231, Known Not Affected 229.	https://www.suse.com/security/cve/CVE-2023-54135/
`ubuntu`	medium	CVE-2023-54135 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 173, not-affected 139, released 83.	https://ubuntu.com/security/CVE-2023-54135

Affected software / configurations for CVE-2023-54135

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2023-54135

URL	Tags
https://git.kernel.org/stable/c/4e2ad53ababeaac44d71162650984abfe783960c
https://git.kernel.org/stable/c/cd00dd2585c4158e81fdfac0bbcc0446afbad26d
https://git.kernel.org/stable/c/dc4751bd4aba01ccfc02f91adfeee0ba4cda405c
https://git.kernel.org/stable/c/f5fcf6555a2a4f32947d17b92b173837cc652891

cvelogic Threat Intelligence