CVE-2023-54236: Incorrect Calculation of Buffer Size in Linux

Severity: 5.8 MEDIUM (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

net/net_failover: fix txq exceeding warning

The failover txq is inited as 16 queues. When a packet is transmitted from the failover device firstly, the failover device will select the queue which is returned from the primary device if the primary device is UP and running. If the primary device txq is bigger than the default 16, it can lead to the following warning:

eth0 selects TX queue 18, but real number of TX queues is 16

Affected Packages (4 packages)

Linux | linux/linux_kernel | 4.18.0 | 5.4.240 | +4
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | cfc80d9a11635404a40199a1c9471c96890f3f74 | 105cc268328231d5c2bfcbd03f265cec444a3492 | +6
debian | debian/linux | < linux 6.1.25-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-9c88-mg4g-wxx2: In the Linux kernel, the following vulnerability has been resolved: net/net_failover: fix txq exceeding warning The failover txq is inited as 16 que (2025-12-30)
OSV: net/net_failover: fix txq exceeding warning (2025-12-30)
OSV: CVE-2023-54236: In the Linux kernel, the following vulnerability has been resolved: net/net_failover: fix txq exceeding warning The failover txq is inited as 16 queue (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: net/net_failover: fix txq exceeding warning (2025-12-30)
Debian: CVE-2023-54236: linux - In the Linux kernel, the following vulnerability has been resolved: net/net_fai... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54236 Impact, Exploitability, and Mitigation Steps | Wiz