PT-2025-53063 · Linux+2 · Linux Kernel+3
Published: 2023-03-24 · Updated: 2025-12-27 · CVE-2023-54065
CVSS v2.0: 7.7 (High)
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw exists in the Linux kernel’s networking component related to Realtek DSA drivers. Specifically, the issue involves an out-of-bounds access within the probe function when setting the chip data pointer. This occurs because the function expects sufficient trailing space in the priv structure, which is only allocated by realtek-smi. The realtek-mdio driver does not allocate this space, leading to potential memory corruption. The issue may have gone unnoticed in some environments due to the presence of an unused buffer within the realtek priv structure, which caused the memory allocator to round up the buffer size. However, different allocators or the use of Kernel Address Sanitizer (KASAN) can reveal the memory corruption. The vulnerable code involves setting the priv->chip_data pointer to (void *)priv + sizeof(*priv).
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
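The allocation mismatch from the description, modelled in user-space C as an added example (not kernel code and not taken from this advisory or from any patch). The struct layout, CHIP_DATA_SZ, and the names priv_model, alloc_priv, chip_data_fits and init_chip_data are assumptions made for illustration; the explicit bounds check is there to show why the allocation without trailing space is unsafe.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the driver's private struct (layout assumed). */
struct priv_model {
    int   id;
    void *chip_data;      /* will point just past the struct */
};

#define CHIP_DATA_SZ 64   /* constructed size of the per-chip data */

struct alloc { struct priv_model *priv; size_t size; };

/* trailer == 0 models the allocation described for realtek-mdio;
 * trailer == CHIP_DATA_SZ models the one described for realtek-smi. */
static struct alloc alloc_priv(size_t trailer) {
    struct alloc a = { NULL, 0 };
    if (trailer > SIZE_MAX - sizeof(struct priv_model)) return a;
    a.size = sizeof(struct priv_model) + trailer;
    a.priv = calloc(1, a.size);
    return a;
}

/* True when [chip_data, chip_data + need) lies inside the allocation. */
static int chip_data_fits(const struct alloc *a, size_t need) {
    size_t off = (size_t)((char *)a->priv->chip_data - (char *)a->priv);
    return off <= a->size && need <= a->size - off;
}

/* Shared probe step plus a bounds check; 0 = ok, -1 = rejected. */
static int init_chip_data(struct alloc *a, size_t need) {
    if (!a->priv) return -1;
    a->priv->chip_data = (char *)a->priv + sizeof(*a->priv);
    if (!chip_data_fits(a, need)) return -1;  /* write would be out of bounds */
    memset(a->priv->chip_data, 0xA5, need);
    return 0;
}

int main(void) {
    struct alloc m = alloc_priv(0), s = alloc_priv(CHIP_DATA_SZ);
    printf("no trailer: %d, with trailer: %d\n",
           init_chip_data(&m, CHIP_DATA_SZ), init_chip_data(&s, CHIP_DATA_SZ));
    free(m.priv); free(s.priv);
    return 0;
}
```

Without the check, the write into the allocation that has no trailing space is the kind of access KASAN reports, even where allocator rounding would otherwise hide it.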
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Realtek Dsa Drivers
Realtek-Mdio
Realtek-Smi