PT-2025-53054 · Linux · Linux Kernel

Published: 2023-03-24 · Updated: 2025-12-26 · CVE-2023-54056

CVSS v2.0: 4.6 Medium
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel's kheaders code. The kernel headers data is declared as a 'char' instead of an array, which can trigger the buffer overflow check in memcpy() when CONFIG_FORTIFY_SOURCE is enabled. The issue was observed when reading the kheaders archive via '/sys/kernel/kheaders.tar.xz': the kernel panicked with a buffer overflow detected in memcpy, reported at lib/string_helpers.c. The addresses are used as byte arrays, so defining them as 'char' trips the size check.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
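
The declaration difference in the description can be reproduced in user space with the compiler builtin that fortified copies rely on. This is an added example, not the kernel's code: the symbol names, the sample blob and the checked_copy helper are assumptions, and it expects GCC or Clang on a Linux/ELF target.

```c
/* Added example: why an `extern char` marker trips a fortified copy while
 * `extern char[]` does not. Symbol names are hypothetical. Assumes GCC or
 * Clang on an ELF target (Linux); the blob is constructed sample data. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Embed a blob between start/end labels from assembly, the way linked-in
 * archives are usually exposed to C. Two label pairs mark the same bytes. */
__asm__(".pushsection .rodata\n"
        ".globl blob_c_start\n.globl blob_a_start\n"
        "blob_c_start:\nblob_a_start:\n"
        ".ascii \"constructed-sample-archive\"\n"
        ".globl blob_c_end\n.globl blob_a_end\n"
        "blob_c_end:\nblob_a_end:\n"
        ".popsection\n");

extern const char blob_c_start, blob_c_end;     /* weak form: one char each */
extern const char blob_a_start[], blob_a_end[]; /* corrected form: arrays   */

/* Fortify-style copy: refuse when n exceeds what the compiler knows about
 * either buffer. A fortified kernel memcpy() would panic instead of return. */
static int checked_copy(void *dst, size_t dst_sz, const void *src, size_t src_sz, size_t n)
{
    if (n > dst_sz || n > src_sz)
        return -1;
    memcpy(dst, src, n);
    return 0;
}
#define CHECKED_COPY(d, s, n) \
    checked_copy((d), __builtin_object_size((d), 1), (s), __builtin_object_size((s), 1), (n))

size_t blob_len(void) { return (size_t)((uintptr_t)blob_a_end - (uintptr_t)blob_a_start); }
size_t size_seen_char(void)  { return __builtin_object_size(&blob_c_start, 1); } /* 1 */
size_t size_seen_array(void) { return __builtin_object_size(blob_a_start, 1); }  /* unknown */

int read_via_char(char *out)  { return CHECKED_COPY(out, &blob_c_start, blob_len()); }
int read_via_array(char *out) { return CHECKED_COPY(out, blob_a_start, blob_len()); }

int main(void)
{
    char out[64] = {0};
    printf("len=%zu char-view=%zu array-view=%zu\n", blob_len(), size_seen_char(), size_seen_array());
    printf("char decl: %d, array decl: %d\n", read_via_char(out), read_via_array(out));
    return 0;
}
```

The data and the copy length are identical in both paths; only the declared type changes what size the compiler reports for the source, which is why the check fires on a read that stays inside the blob.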

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-01249
CVE-2023-54056

Affected Products

Linux Kernel