PT-2025-49658 · Linux · Linux Kernel

Published 2025-12-09 · Updated 2025-12-10 · CVE-2023-53798

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains an uninitialized-memory issue in the ethtool interface. The number of lanes is not initialized when link modes are set through the legacy IOCTL interface, so drivers can receive an uninitialized value for the number of lanes in struct ethtool_link_ksettings. When that value is later queried, the ethtool code can make decisions based on invalid data, potentially resulting in a KMSAN splat. The issue primarily affects the tun driver, which may simply return the uninitialized value. The uninitialized memory is not leaked to user space due to checks on ethtool_ops->cap_link_lanes_supported. The fix initializes the structure in the IOCTL path. The issue occurs in the tun_get_link_ksettings and tun_set_link_ksettings functions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2023-53798
RHSA-2024:3138

Affected Products

Linux Kernel