CVE-2023-54284
In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in write_ts_to_decoder() The buf[4] value comes from the user via ts_play(). It is a value in the u8 range. The final length we pass to av7110_ipack_instant_repack() is "len - (buf[4] + 1) - 4" so add a check to ensure that the length is not negative. It's not clear that passing a negative len value does anything bad necessarily, but it's not best practice. With the new bounds checking the "if (!len)" condition is no longer possible or required so remove that.
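The length arithmetic the description refers to, as an added illustration rather than the driver's own code: a stripped-down model of the unchecked expression "len - (buf[4] + 1) - 4" beside the bounded form the fix describes. The MPEG-TS framing assumed here (4-byte header, adaptation field flag in byte 3, adaptation_field_length in byte 4) is the standard layout; the function names, the int return type and the -1 error value are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example modelling the length arithmetic in the description; it is
 * not the kernel's av7110 code. The TS framing is standard MPEG-TS: a 4-byte
 * header, bit 0x20 of byte 3 flags an adaptation field, and byte 4 then holds
 * adaptation_field_length (a u8, so 0..255). Function names, the int return
 * type and the -1 error value are assumptions made for this example. */

#define TS_PACKET_SIZE  188
#define TS_HEADER_SIZE  4
#define TS_ADAPT_FIELD  0x20  /* adaptation_field_control bit in header byte 3 */
#define TS_PAYLOAD      0x10  /* payload-present bit in header byte 3 */

/* Unchecked form: mirrors "len - (buf[4] + 1) - 4" with no bound on the
 * user-controlled buf[4]. With a signed len the result goes negative; with an
 * unsigned len it would wrap to a huge value instead. */
int payload_len_unchecked(const uint8_t *buf, int len)
{
    if (buf[3] & TS_ADAPT_FIELD)
        len -= buf[4] + 1;          /* buf[4] can be up to 255 */
    return len - TS_HEADER_SIZE;
}

/* Hardened form: verify len covers the header and the adaptation field before
 * subtracting, so the length handed on is never negative. The old "if (!len)"
 * guard is unnecessary here: a zero remainder is simply an empty payload. */
int payload_len_checked(const uint8_t *buf, int len)
{
    int skip = TS_HEADER_SIZE;

    if (len < TS_HEADER_SIZE)
        return -1;                  /* no complete header to read */
    if (buf[3] & TS_ADAPT_FIELD) {
        if (len < TS_HEADER_SIZE + 1)
            return -1;              /* buf[4] would lie past the buffer */
        skip += buf[4] + 1;
    }
    if (len < skip)
        return -1;                  /* the bound the fix adds */
    return len - skip;
}

/* Fill a constructed 188-byte packet; only the header bytes matter here. */
void make_ts_packet(uint8_t *pkt, int has_adapt, uint8_t adapt_len)
{
    memset(pkt, 0xff, TS_PACKET_SIZE);
    pkt[0] = 0x47;                                  /* sync byte */
    pkt[1] = 0x40;                                  /* payload_unit_start */
    pkt[2] = 0x11;                                  /* low PID bits (arbitrary) */
    pkt[3] = has_adapt ? (TS_ADAPT_FIELD | TS_PAYLOAD) : TS_PAYLOAD;
    pkt[4] = has_adapt ? adapt_len : 0x00;          /* user-controlled length */
}

/* Convenience wrapper: build a packet and evaluate one of the two forms with
 * the caller-supplied len; only the header bytes are ever read. */
int compute_payload_len(int has_adapt, uint8_t adapt_len, int len, int checked)
{
    uint8_t pkt[TS_PACKET_SIZE];

    make_ts_packet(pkt, has_adapt, adapt_len);
    return checked ? payload_len_checked(pkt, len)
                   : payload_len_unchecked(pkt, len);
}

int main(void)
{
    printf("well-formed, adapt 7, len 188: unchecked %d, checked %d\n",
           compute_payload_len(1, 7, 188, 0), compute_payload_len(1, 7, 188, 1));
    printf("short packet, adapt 255, len 10: unchecked %d, checked %d\n",
           compute_payload_len(1, 255, 10, 0), compute_payload_len(1, 255, 10, 1));
    printf("no adaptation field, len 188: checked %d\n",
           compute_payload_len(0, 0, 188, 1));
    return 0;
}
```

The point to take from the two forms is where the check sits: it must come before the subtraction, and it must account for both the fixed header and the variable adaptation field. If the driver's length is an unsigned type, the unchecked expression does not go negative at all but wraps to a very large value, which is the "underflow" in the commit title; the check is the same either way.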
Affected versions
Linux kernel versions 2.6.31 and later are affected. Fixed in 4.14.315, 4.19.283, 5.4.243, 5.10.211, 5.15.111, 6.1.28, 6.2.15, 6.3.2, 6.4 and their respective stable series.
References
The following references provide additional information about CVE-2023-54284 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch (kernel patch commit): https://git.kernel.org/stable/c/423350af9e27f005611bd881b1df2cab66de943d
- Patch (kernel patch commit): https://git.kernel.org/stable/c/620b983589e0223876bf1463b01100a9c67b56ba
- Patch (kernel patch commit): https://git.kernel.org/stable/c/6606e2404ee9e20a3ae5b42fc3660d41b739ed3e
Frequently asked questions
- What is CVE-2023-54284?
  CVE-2023-54284 is an unscored-severity Linux kernel vulnerability. It affects Linux kernel versions from 2.6.31 onward and has been patched in 4.14.315, 4.19.283, 5.4.243 and others. CVE-2023-54284 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2023-54284?
  Yes — CVE-2023-54284 has been patched. Fixed versions include 4.14.315, 4.19.283, 5.4.243 and others. If you are running Linux kernel 2.6.31 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2023-54284 actively exploited?
  No — CVE-2023-54284 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.