| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122429-CVE-2023-54065-1de4@gregkh> Date: Wed, 24 Dec 2025 13:26:58 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54065: net: dsa: realtek: fix out-of-bounds access From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv->chip_data to (void *)priv + sizeof(*priv) with the expectation that priv has enough trailing space. However, only realtek-smi actually allocated this chip_data space. Do likewise in realtek-mdio to fix out-of-bounds accesses. These accesses likely went unnoticed so far, because of an (unused) buf[4096] member in struct realtek_priv, which caused kmalloc to round up the allocated buffer to a big enough size, so nothing of value was overwritten. With a different allocator (like in the barebox bootloader port of the driver) or with KASAN, the memory corruption becomes quickly apparent. The Linux kernel CVE team has assigned CVE-2023-54065 to this issue. Affected and fixed versions =========================== Issue introduced in 5.18 with commit aac94001067da183455d6d37959892744fa01d9d and fixed in 6.1.23 with commit cc0f9bb99735d2b68fac68f37b585d615728ce5b Issue introduced in 5.18 with commit aac94001067da183455d6d37959892744fa01d9d and fixed in 6.2.10 with commit fe668aa499b4b95425044ba11af9609db6ecf466 Issue introduced in 5.18 with commit aac94001067da183455d6d37959892744fa01d9d and fixed in 6.3 with commit b93eb564869321d0dffaf23fcc5c88112ed62466 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54065 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/dsa/realtek/realtek-mdio.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cc0f9bb99735d2b68fac68f37b585d615728ce5b https://git.kernel.org/stable/c/fe668aa499b4b95425044ba11af9609db6ecf466 https://git.kernel.org/stable/c/b93eb564869321d0dffaf23fcc5c88112ed62466
Powered by blists - more mailing lists