CVE-2023-54240

CVSS v2.0

5.5

Medium

Vector

AV:A/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's ethernet functionality, specifically within the mtk eth soc module and the mtk hwlro get fdir all() function. The issue involves a potential NULL pointer dereference that can occur because the size of rule locs is determined by rule cnt received from user space, and this value is not adequately validated before being used. This could lead to a system crash or other unexpected behavior.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-04176

CVE-2023-54240

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

Affected Products

Linux Kernel

Mtk Eth Soc

CVE-2023-54240

Weakness Enumeration

Related Identifiers

Affected Products

References · 1470