CVE-2023-54110: Integer Overflow or Wraparound in Linux

Severity: 6.7 MEDIUM (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow. Variables off and len, typed as uint32 in the rndis_query function, are controlled by the incoming RNDIS response message, thus their value may be manipulated. Setting off to an unexpectedly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buff
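To make the wraparound concrete, here is an added example (not code from the page, and not the kernel's own rndis_host.c) that models the check the description talks about. A constructed RNDIS query-completion header carries attacker-chosen offset and len fields; the pre-fix form adds 8 + off + len in 32-bit arithmetic, so a huge off wraps the sum back under the limit, while the hardened form bounds each operand before combining them. The struct layout, the buffer constant CONTROL_BUFFER_SIZE and the message bytes are assumptions made for illustration.

```c
/* Added example, not from the page or the Linux kernel source: models the
 * rndis_query length check described above. CONTROL_BUFFER_SIZE, the struct
 * layout and the sample messages are assumptions for illustration only. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONTROL_BUFFER_SIZE 1025u  /* assumed size of the control buffer */

/* Little-endian helpers: RNDIS fields are little-endian on the wire. */
static void le32_put(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static uint32_t le32_get(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Assumed layout of a query-completion header (24 bytes): msg_type, msg_len,
 * request_id, status, len, offset. The reply pointer is taken relative to
 * request_id (8 bytes into the message), hence the "+ 8" in the check. */
#define QUERY_C_SIZE 24u
#define FIELD_LEN    16u
#define FIELD_OFFSET 20u

static void build_query_c(uint8_t *msg, uint32_t off, uint32_t len)
{
    memset(msg, 0, QUERY_C_SIZE);
    le32_put(msg + 0, 0x80000004u);   /* RNDIS_MSG_QUERY_C type value */
    le32_put(msg + 4, QUERY_C_SIZE);
    le32_put(msg + 8, 1u);            /* request id */
    le32_put(msg + 12, 0u);           /* status: success */
    le32_put(msg + FIELD_LEN, len);
    le32_put(msg + FIELD_OFFSET, off);
}

/* Pre-fix form as the description characterizes it: one 32-bit sum that can
 * wrap. Returns 1 when the response is accepted. */
static int check_vulnerable(uint32_t off, uint32_t len)
{
    return (8u + off + len) <= CONTROL_BUFFER_SIZE;  /* uint32_t wraps here */
}

/* Overflow-safe form: each operand is bounded before it enters a subtraction
 * whose result is known to be non-negative, so nothing can wrap. */
static int check_hardened(uint32_t off, uint32_t len)
{
    if (off > CONTROL_BUFFER_SIZE - 8u)
        return 0;
    if (len > CONTROL_BUFFER_SIZE - 8u - off)
        return 0;
    return 1;
}

/* Parse a raw completion message and run both checks on it.
 * Returns (vulnerable_accepts << 1) | hardened_accepts:
 *   3 = both accept (honest message), 2 = only the wrapping check accepts,
 *   0 = both reject. */
int evaluate(uint32_t off, uint32_t len)
{
    uint8_t msg[QUERY_C_SIZE];
    build_query_c(msg, off, len);
    uint32_t parsed_len = le32_get(msg + FIELD_LEN);
    uint32_t parsed_off = le32_get(msg + FIELD_OFFSET);
    return (check_vulnerable(parsed_off, parsed_len) << 1) |
            check_hardened(parsed_off, parsed_len);
}

int main(void)
{
    /* Honest device: 4-byte answer 20 bytes past request_id. */
    printf("honest  off=20 len=4          -> %d\n", evaluate(20u, 4u));
    /* Malicious device: 8 + 0xFFFFFFF8 wraps to 0, so the sum is just len. */
    printf("wrapped off=0xFFFFFFF8 len=100 -> %d\n", evaluate(0xFFFFFFF8u, 100u));
    /* Plainly oversized: both forms reject. */
    printf("big     off=0 len=2000         -> %d\n", evaluate(0u, 2000u));
    return 0;
}
```

With off = 0xFFFFFFF8 the wrapping check computes 8 + off + len == len, which is comfortably under the limit, so the vulnerable form accepts a reply whose data pointer sits roughly 4 GiB past the buffer; the hardened form rejects it at the first bound. The general rule the example illustrates is to compare against a remaining budget (limit - consumed) rather than summing untrusted lengths first.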

Affected Packages (4 packages)

Linux: linux/linux_kernel, 2.6.22 to 4.14.303 (+6 more ranges)
Debian: linux/linux_kernel, < 5.10.178-1 (+3 more)
CVEListV5: linux/linux, commits ddda08624013e8435e9f7cfc34a35bd7b3520b6d to 55782f6d63a5a3dd3b84c1e0627738fc5b146b4e (+8 more)
debian: debian/linux, < linux 6.1.7-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-cffh-ppgh-4vqx: In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and (2025-12-24)
OSV: usb: rndis_host: Secure rndis_query check against int overflow (2025-12-24)
OSV: CVE-2023-54110: In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and l (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: usb: rndis_host: Secure rndis_query check against int overflow (2025-12-24)
Debian: CVE-2023-54110: linux - In the Linux kernel, the following vulnerability has been resolved: usb: rndis_... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54110 Impact, Exploitability, and Mitigation Steps | Wiz