CVE-2023-54129: Improper Input Validation in Linux

Severity
5.5 MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: Add validation for lmac type

Upon physical link change, firmware reports to the kernel about the change along with details like speed, lmac_type_id, etc. The kernel derives lmac_type based on the lmac_type_id received from firmware. In a few scenarios, firmware returns an invalid lmac_type_id, which results in the kernel panic below. This patch adds the missing validation of the lmac_type_id field.

Internal error:

Affected Packages (4 packages)

Linux | linux/linux_kernel | 4.20.0 | 6.1.32 | +2
Debian | linux/linux_kernel | < 6.1.37-1 | +2
CVEListV5 | linux/linux | 61071a871ea6eb2125ece91c1a0dbb124a318c8a | 83a7f27c5b94e43f29f8216a32790751139aa61e | +4
debian | debian/linux | < linux 6.1.37-1 (bookworm)

Vulnerability Details (3)

OSV: octeontx2-af: Add validation for lmac type (2025-12-24)
OSV: CVE-2023-54129: In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware rep (2025-12-24)
GHSA: GHSA-646g-pwv5-gp8f: In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware r (2025-12-24)

Vendor Advisories (2)

Red Hat: kernel: octeontx2-af: Add validation for lmac type (2025-12-24)
Debian: CVE-2023-54129: linux - In the Linux kernel, the following vulnerability has been resolved: octeontx2-a... (2023)

Threat Intelligence (1)

Wiz: CVE-2023-54129 Impact, Exploitability, and Mitigation Steps | Wiz