CVE-2023-54004: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().

syzbot reported [0] a null-ptr-deref in sk_get_rmem0() while using IPPROTO_UDPLITE (0x88):

  14:25:52 executing program 1:
  r0 = socket$inet6(0xa, 0x80002, 0x88)

We had a similar report [1] for probably sk_memory_allocated_add() in __sk_mem_raise_allocated(), and commit c915fe13cbaa ("udplite: fix NULL pointer dereference") fixed it by setting .memory_allocate

Affected Packages: 4 packages

Linux | linux/linux_kernel | 4.10.0 | 4.19.284 | +5
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | 850cbaddb52dfd4e0c7cabe2c168dd34b44ae0b9 | cc56de054d828935aa37734b479f82fa34b5f9bd | +7
debian | debian/linux | < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). (2025-12-24)
OSV: CVE-2023-54004: In the Linux kernel, the following vulnerability has been resolved: udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated() (2025-12-24)
GHSA: GHSA-qcjw-844g-q2q4: In the Linux kernel, the following vulnerability has been resolved: udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated() (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: Linux kernel UDPLITE: Denial of Service via null pointer dereference (2025-12-24)
Debian: CVE-2023-54004: linux - In the Linux kernel, the following vulnerability has been resolved: udplite: Fi... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54004 Impact, Exploitability, and Mitigation Steps | Wiz