| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123036-CVE-2023-54312-8b23@gregkh> Date: Tue, 30 Dec 2025 13:24:05 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54312: samples/bpf: Fix buffer overflow in tcp_basertt From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcp_basertt Using sizeof(nv) or strlen(nv)+1 is correct. The Linux kernel CVE team has assigned CVE-2023-54312 to this issue. Affected and fixed versions =========================== Issue introduced in 4.15 with commit c890063e440456e75c2e70f6bcec3797f1771eb6 and fixed in 4.19.291 with commit cf7514fedc25675e68b74941df28a883951e70fd Issue introduced in 4.15 with commit c890063e440456e75c2e70f6bcec3797f1771eb6 and fixed in 5.4.251 with commit f394d204d64095d72ad9f03ff98f3f3743bf743a Issue introduced in 4.15 with commit c890063e440456e75c2e70f6bcec3797f1771eb6 and fixed in 5.10.188 with commit bd3e880dce27d225598730d2bbb3dc05b443af22 Issue introduced in 4.15 with commit c890063e440456e75c2e70f6bcec3797f1771eb6 and fixed in 5.15.121 with commit e92f61e0701ea780e57e1be8dbd1fbec5f42c09e Issue introduced in 4.15 with commit c890063e440456e75c2e70f6bcec3797f1771eb6 and fixed in 6.1.39 with commit 56c25f2763a16db4fa1b486e6a21dc246cd992bd Issue introduced in 4.15 with commit c890063e440456e75c2e70f6bcec3797f1771eb6 and fixed in 6.3.13 with commit dfc004688518d24159606289c74d0c4e123e6436 Issue introduced in 4.15 with commit c890063e440456e75c2e70f6bcec3797f1771eb6 and fixed in 6.4.4 with commit 7c08d1b0d1f75117cf82aeaef49ba9f861b3fb59 Issue introduced in 4.15 with commit c890063e440456e75c2e70f6bcec3797f1771eb6 and fixed in 6.5 with commit f4dea9689c5fea3d07170c2cb0703e216f1a0922 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54312 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: samples/bpf/tcp_basertt_kern.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cf7514fedc25675e68b74941df28a883951e70fd https://git.kernel.org/stable/c/f394d204d64095d72ad9f03ff98f3f3743bf743a https://git.kernel.org/stable/c/bd3e880dce27d225598730d2bbb3dc05b443af22 https://git.kernel.org/stable/c/e92f61e0701ea780e57e1be8dbd1fbec5f42c09e https://git.kernel.org/stable/c/56c25f2763a16db4fa1b486e6a21dc246cd992bd https://git.kernel.org/stable/c/dfc004688518d24159606289c74d0c4e123e6436 https://git.kernel.org/stable/c/7c08d1b0d1f75117cf82aeaef49ba9f861b3fb59 https://git.kernel.org/stable/c/f4dea9689c5fea3d07170c2cb0703e216f1a0922
Powered by blists - more mailing lists