CVE-2023-54186 | usb: typec: altmodes/displayport: fix pin_assignment_show

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: fix pin_assignment_show This patch fixes negative indexing of buf array in pin_assignment_show when get_current_pin_assignments returns 0 i.e. no compatible pin assignments are found. BUG: KASAN: use-after-free in pin_assignment_show+0x26c/0x33c ... Call trace: dump_backtrace+0x110/0x204 dump_stack_lvl+0x84/0xbc print_report+0x358/0x974 kasan_report+0x9c/0xfc __do_kernel_fault+0xd4/0x2d4 do_bad_area+0x48/0x168 do_tag_check_fault+0x24/0x38 do_mem_abort+0x6c/0x14c el1_abort+0x44/0x68 el1h_64_sync_handler+0x64/0xa4 el1h_64_sync+0x78/0x7c pin_assignment_show+0x26c/0x33c dev_attr_show+0x50/0xc0

Published: 2025-12-30 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2023-54186 is rated Low Risk (7.1/100): low exploitation likelihood (EPSS 0.17%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-54186

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.02%	0.17%	+0.15%
2	2025-12-31	—	0.02%	—

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-54186

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2023-54186

OS Trackers for CVE-2023-54186

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2023-54186 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2023-54186
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2023-54186
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2023-54186/
`ubuntu`	medium	CVE-2023-54186 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 173, released 133, not-affected 88, needs-triage 1.	https://ubuntu.com/security/CVE-2023-54186

Affected software / configurations for CVE-2023-54186

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2023-54186

URL	Tags
https://git.kernel.org/stable/c/08bd1be1c716fd50a7df48f82dcbc59a103082b5
https://git.kernel.org/stable/c/0e61a7432fcd4bca06f05b7f1c7d7cb461880fe2
https://git.kernel.org/stable/c/4f9c0a7c272626cb6716ffc7800e8c73260cdce6
https://git.kernel.org/stable/c/54ee23e4ab263a495ace1eed43d3883212ece17f
https://git.kernel.org/stable/c/d8f28269dd4bf9b55c3fb376ae31512730a96fce
https://git.kernel.org/stable/c/fc0e18f95c88435bd8a1ceb540243cd7fbcd9781
https://git.kernel.org/stable/c/ff466f77d0a56719979c4234abd412abd98eae8f

cvelogic Threat Intelligence