|
Vulnerabilities
< Back

CVE-2023-53068

Updated on 02 May 2025

Severity

5.5 Medium severity

Details

CVSS score
5.5
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

In the Linux kernel, the following vulnerability has been resolved:

net: usb: lan78xx: Limit packet length to skb->len

Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents.

Additionally prevent integer underflow when size is less than ETH_FCS_LEN.

Details

Affected product:
AlmaLinux 9.2 ESU , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , Oracle Linux 7 ELS , TuxCare 9.6 ESU , Ubuntu 16.04 ELS , Ubuntu 18.04 ELS , Ubuntu 20.04 ELS
Affected packages:
kernel @ 4.18.0 (+9 more)

In the Linux kernel, the following vulnerability has been resolved:

net: usb: lan78xx: Limit packet length to skb->len

Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents.

Additionally prevent integer underflow when size is less than ETH_FCS_LEN.

Fixes