CVE-2023-54114

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-next-20230505 #1

Description The issue lies within the network stack, specifically in the handling of Network Namespace Segmentation (NSH) with Generic Segmentation Offload (GSO). A flaw in the nsh gso segment() function can lead to an incorrect calculation of the mac header offset when unwinding a GSO segment, potentially causing a skb panic due to a larger mac header than the available headroom. This occurs when the inner-layer protocol GSO fails and the skb gso error unwind() function is called. The root cause is the use of skb->network header - nhoff to reset the mac header, which can become inaccurate after the inner-layer protocol GSO function, such as mpls gso segment(), resets the network header. The function skb reset network header() is involved in this process.

Recommendations Versions prior to 6.3.0-next-20230505 #1 should be updated to a newer version that includes the fix for this issue.