CVE-2023-54051NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: net: do not allow gso_size to be set to GSO_BY_FRAGS One missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again [1] Do not allow gso_size to be set to GSO_BY_FRAGS (0xffff), because this magic value is used by the kernel. [1] general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077

Affected Packages4 packages

Linuxlinux/linux_kernel4.8.04.14.324+6
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linux3953c46c3ac7eef31a9935427371c6f54a22f1baa5f9e5804d239d288d983db36bbed45ed10729a0+8
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
net: do not allow gso_size to be set to GSO_BY_FRAGS2025-12-24
GHSA
GHSA-jqw4-r57w-p985: In the Linux kernel, the following vulnerability has been resolved: net: do not allow gso_size to be set to GSO_BY_FRAGS One missing check in virtio2025-12-24
OSV
CVE-2023-54051: In the Linux kernel, the following vulnerability has been resolved: net: do not allow gso_size to be set to GSO_BY_FRAGS One missing check in virtio_n2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: net: do not allow gso_size to be set to GSO_BY_FRAGS2025-12-24
Debian
CVE-2023-54051: linux - In the Linux kernel, the following vulnerability has been resolved: net: do not...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54051 Impact, Exploitability, and Mitigation Steps | Wiz