CVE-2023-54155Reachable Assertion in Linux

CWE-617Reachable Assertion7 documents6 sources
Severity
4.4MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121 ____bpf_xdp_adjust_tail net/core/filter.c:4121 [inline] WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121 bpf_xdp_adjust_tail+0x466/0xa10 net/core/filter.c:4103 ... Call Trace: bpf_prog_4add87e5301a4105+0x1a/0x1c __bpf_prog_run includ

Affected Packages4 packages

Linuxlinux/linux_kernel5.12.05.15.127+2
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux43b5169d8355ccf26d726fbc75f083b2429113e4a09c258cfa77d3ba0a7acc555c73eb6b005c4bd8+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-4jvp-69v8-wvq5: In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller2025-12-24
OSV
net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()2025-12-24
OSV
CVE-2023-54155: In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller re2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Denial of service in network core via incorrect frame size handling2025-12-24
Debian
CVE-2023-54155: linux - In the Linux kernel, the following vulnerability has been resolved: net: core: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54155 Impact, Exploitability, and Mitigation Steps | Wiz