CVE-2023-54056: Type Confusion in Linux

CWE-843: Type Confusion (7 documents, 6 sources)

Severity: 5.5 MEDIUM (No vector)
EPSS: 0.0% (top 86.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

kheaders: Use array declaration instead of char

Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination and source buffers. Defining kernel_headers_data as "char" would trip this check. Since these addresses are treated as byte arrays, define them as arrays (as done everywhere else).

This was seen with:

    $ cat /sys/kernel/kheaders.tar.xz >> /dev/null
    detected buffer overflow in memcpy
    kernel BUG at lib/strin

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.2.0 | 5.4.243 | +5
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | 43d8ce9d65a54846d378545770991e65838981e0 | 719459877d58c8aced5845c1e5b98d8d87d09197 | +7
debian | debian/linux | < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: kheaders: Use array declaration instead of char (2025-12-24)
OSV: CVE-2023-54056: In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIG_FORTIFY_SOURCE, memcp (2025-12-24)
GHSA: GHSA-w8p6-7x4v-892g: In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIG_FORTIFY_SOURCE, mem (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: kheaders: Use array declaration instead of char (2025-12-24)
Debian: CVE-2023-54056: linux - In the Linux kernel, the following vulnerability has been resolved: kheaders: U... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54056 Impact, Exploitability, and Mitigation Steps | Wiz