CVE-2023-54255 | sh: dma: Fix DMA channel offset calculation

In the Linux kernel, the following vulnerability has been resolved: sh: dma: Fix DMA channel offset calculation Various SoCs of the SH3, SH4 and SH4A family, which use this driver, feature a differing number of DMA channels, which can be distributed between up to two DMAC modules. The existing implementation fails to correctly accommodate for all those variations, resulting in wrong channel offset calculations and leading to kernel panics. Rewrite dma_base_addr() in order to properly calculate channel offsets in a DMAC module. Fix dmaor_read_reg() and dmaor_write_reg(), so that the correct DMAC module base is selected for the DMAOR register.

Published: 2025-12-30 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2023-54255 is rated Low Risk (6/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-54255

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-31	—	0.02%	—

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-54255

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2023-54255

OS Trackers for CVE-2023-54255

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2023-54255 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2023-54255
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2023-54255
`suse`	medium	CVE-2023-54255 severity moderate: SUSE including 370 source package names (2.1.3-6.115:kernel-default-base-6.4.0-39.1.21.16, 2.1.3-7.146:kernel-rt-6.4.0-40.1, …), 852 product×package rows across 165 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (165 product lines)): Fixed 385, Known Not Affected 236, Known Affected 231.	https://www.suse.com/security/cve/CVE-2023-54255/
`ubuntu`	medium	CVE-2023-54255 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 177, released 133, not-affected 65, needed 19, needs-triage 1.	https://ubuntu.com/security/CVE-2023-54255

Affected software / configurations for CVE-2023-54255

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2023-54255

URL	Tags
https://git.kernel.org/stable/c/196f6c71905aa384c0177acf194a1144d480333b
https://git.kernel.org/stable/c/479380acfa63247b5ac62476138f847aefc62692
https://git.kernel.org/stable/c/4989627157735c1f1619f08e5bc1592418e7c878
https://git.kernel.org/stable/c/8fb11fa4805699c6b73a9c8a9d45807f9874abe3
https://git.kernel.org/stable/c/bca700b48c72f4ffeee977a2ed0eb4a6b4b7b8ad
https://git.kernel.org/stable/c/d1c946552af299f4fa85bf7da15e328123771128
https://git.kernel.org/stable/c/e82e47584847129a20b8c9f4a1dcde09374fb0e0
https://git.kernel.org/stable/c/e9e33faea104381bac80ac79328f0540fc2969f2

cvelogic Threat Intelligence