CVE-2023-54129

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.210-g2e3169d8e1bc-dirty #17

Description The Linux kernel contains a flaw in the octeontx2-af driver related to the validation of the lmac type id field received from firmware during physical link changes. Specifically, when firmware provides an invalid lmac type id, it can lead to a kernel panic. The issue arises because the kernel derives the lmac type based on this ID without proper validation. The fix involves adding validation for the lmac type id field to prevent the kernel panic. The vulnerable code involves the strncpy function and the cgx link change handler function.

Recommendations Update the Linux kernel to version 5.4.210-g2e3169d8e1bc-dirty #17 or a later version to address this issue.

Exploit

Fix

RCE

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-404

Related Identifiers

BDU:2026-02283

CVE-2023-54129

RHSA-2023:6583

Affected Products

Debian

Linux Kernel

CVE-2023-54129

Weakness Enumeration

Related Identifiers

Affected Products

References · 23