CVE-2023-54145: Insufficient Resource Pool in Linux

Severity: 3.3 LOW (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: drop unnecessary user-triggerable WARN_ONCE in verifier log

It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and there are at least two pieces of user-provided information that can be output through this buffer, and both can be arbitrarily sized by user:
- BTF names;
- BTF.ext source code lines strings.

Verifier log buffer should be p

Affected Packages (4 packages)

Linux: linux/linux_kernel 4.15.0 6.1.107 +1
Debian: linux/linux_kernel < 6.1.112-1 +2
CVEListV5: linux/linux a2a7d5701052542cd2260e7659b12443e0a74733 40c88c429a598006f91ad7a2b89856cd50b3a008 +3
debian: debian/linux < linux 6.1.112-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2023-54145: In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifier log It's trivial for (2025-12-24)
OSV: bpf: drop unnecessary user-triggerable WARN_ONCE in verifier log (2025-12-24)
GHSA: GHSA-m575-6r3m-823p: In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifier log It's trivial f (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: Linux kernel: BPF verifier log truncation via crafted user input (2025-12-24)
Debian: CVE-2023-54145: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: drop u... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54145 Impact, Exploitability, and Mitigation Steps | Wiz