CVE-2023-54251Integer Overflow or Wraparound in Linux

CWE-190Integer Overflow or Wraparound7 documents6 sources
Severity
5.6MEDIUM
No vector
EPSS
0.0%
top 92.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. syzkaller found zero division error [0] in div_s64_rem() called from get_cycle_time_elapsed(), where sched->cycle_time is the divisor. We have tests in parse_taprio_schedule() so that cycle_time will never be 0, and actually cycle_time is not 0 in get_cycle_time_elapsed(). The problem is that the types of divisor are different; cycle_time is s64, but the a

Affected Packages4 packages

Linuxlinux/linux_kernel5.3.05.15.126+2
Debianlinux/linux_kernel< 6.1.52-1+2
CVEListV5linux/linux4cfd5779bd6efe8c76b4494aec63a063be0d2ff2f04f6d9b3b060f7e11219a65a76da65f1489e391+4
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.2025-12-30
GHSA
GHSA-mwqv-w7x4-3822: In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX2025-12-30
OSV
CVE-2023-54251: In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX2025-12-30
Debian
CVE-2023-54251: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54251 Impact, Exploitability, and Mitigation Steps | Wiz