CVE-2023-54065Path Equivalence: 'filename ' (Trailing Space) in Linux

7 documents6 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv->chip_data to (void *)priv + sizeof(*priv) with the expectation that priv has enough trailing space. However, only realtek-smi actually allocated this chip_data space. Do likewise in realtek-mdio to fix out-of-bounds accesses. These accesses likely went unnoticed so far, because of an (unused) buf[4096] member in struct realtek_priv, which caused kmallo

Affected Packages4 packages

Linuxlinux/linux_kernel5.18.06.1.23+1
Debianlinux/linux_kernel< 6.1.25-1+2
CVEListV5linux/linuxaac94001067da183455d6d37959892744fa01d9dcc0f9bb99735d2b68fac68f37b585d615728ce5b+3
debiandebian/linux< linux 6.1.25-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-gwcx-q2c7-j3r5: In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv->chip_d2025-12-24
OSV
CVE-2023-54065: In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv->chip_dat2025-12-24
OSV
net: dsa: realtek: fix out-of-bounds access2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: net: dsa: realtek: fix out-of-bounds access2025-12-24
Debian
CVE-2023-54065: linux - In the Linux kernel, the following vulnerability has been resolved: net: dsa: r...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54065 Impact, Exploitability, and Mitigation Steps | Wiz