CVE-2023-54105: Improper Validation of Specified Type of Input in Linux

Severity: N/A (no vector)
EPSS: 0.0% (top 92.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

can: isotp: check CAN address family in isotp_bind()

Add missing check to block non-AF_CAN binds.

Syzbot created some code which matched the right sockaddr struct size but used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the address family field:

    bind$xdp(r2, &(0x7f0000000540)={0x2c, 0x0, r4, 0x0, r2}, 0x10)
                                    ^^^^

This has no functional impact but the userspace should be notified about the wrong address family field content.

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.10.0 | 5.10.200 | +3
Debian | linux/linux_kernel | < 5.10.205-1 | +3
CVEListV5 | linux/linux | e057dd3fc20ffb3d7f150af46542a51b59b90127 | de3c02383aa678f6799402ac47fdd89cf4bfcaa9 | +5
debian | debian/linux | < linux 6.1.20-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: can: isotp: check CAN address family in isotp_bind() (2025-12-24)
GHSA: GHSA-pg9h-x33j-cfq7: In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotp_bind() Add missing check to block (2025-12-24)
OSV: CVE-2023-54105: In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotp_bind() Add missing check to block no (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: can: isotp: check CAN address family in isotp_bind() (2025-12-24)
Debian: CVE-2023-54105: linux - In the Linux kernel, the following vulnerability has been resolved: can: isotp:... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54105 Impact, Exploitability, and Mitigation Steps | Wiz