CVE-2023-54090: Improper Validation of Specified Index, Position, or Offset in Input in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 92.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

ixgbe: Fix panic during XDP_TX with > 64 CPUs

Commit 4fe815850bdc ("ixgbe: let the xdpdrv work with more than 64 cpus") adds support to allow XDP programs to run on systems with more than 64 CPUs by locking the XDP TX rings and indexing them using cpu % 64 (IXGBE_MAX_XDP_QS). Upon trying out this patch on a system with more than 64 cores, the kernel panicked with an array-index-out-of-bounds at the return in ixgbe_determine_xd

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.16.0 | 6.1.29 | +2
Debian | linux/linux_kernel | < 6.1.37-1 | +2
CVEListV5 | linux/linux | 4fe815850bdc8d4cc94e06fe1de069424a895826 | 1924450175349e64f8dfc3689efcb653dba0418e | +4
debian | debian/linux | < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA (2025-12-24): GHSA-vfj6-525r-34p4: In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix panic during XDP_TX with > 64 CPUs Commit 4fe815850bdc ("ixgbe: let t
OSV (2025-12-24): ixgbe: Fix panic during XDP_TX with > 64 CPUs
OSV (2025-12-24): CVE-2023-54090: In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix panic during XDP_TX with > 64 CPUs Commit 4fe815850bdc ("ixgbe: let the

📋 Vendor Advisories (2)

Red Hat (2025-12-24): kernel: ixgbe: Fix panic during XDP_TX with > 64 CPUs
Debian (2023): CVE-2023-54090: linux - In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix ...

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54090 Impact, Exploitability, and Mitigation Steps | Wiz