-

CVE-2023-54039

EPSS 0.04%
Veröffentlicht 24.12.2025 10:56:05
Zuletzt bearbeitet 29.12.2025 15:58:56
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access

In the j1939_tp_tx_dat_new() function, an out-of-bounds memory access
could occur during the memcpy() operation if the size of skb->cb is
larger than the size of struct j1939_sk_buff_cb. This is because the
memcpy() operation uses the size of skb->cb, leading to a read beyond
the struct j1939_sk_buff_cb.

Updated the memcpy() operation to use the size of struct
j1939_sk_buff_cb instead of the size of skb->cb. This ensures that the
memcpy() operation only reads the memory within the bounds of struct
j1939_sk_buff_cb, preventing out-of-bounds memory access.

Additionally, add a BUILD_BUG_ON() to check that the size of skb->cb
is greater than or equal to the size of struct j1939_sk_buff_cb. This
ensures that the skb->cb buffer is large enough to hold the
j1939_sk_buff_cb structure.

[mkl: rephrase commit message]

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < d2136f05690c272dfc9f9d6efcc51d5f53494b33

Version 9d71dd0c70099914fcd063135da3c580865e924c

Status affected

Version < 70caa596d158a5d84b117f722d58f3ea503a5ba9

Version 9d71dd0c70099914fcd063135da3c580865e924c

Status affected

Version < 4fe1d9b6231a68ffc91318f57fd8e4982f028cf7

Version 9d71dd0c70099914fcd063135da3c580865e924c

Status affected

Version < 4c3fb22a6ec68258ee129a2e6b720f43dffc562f

Version 9d71dd0c70099914fcd063135da3c580865e924c

Status affected

Version < 36befc9aed6202b4a9b906529aea13eacd7e34ff

Version 9d71dd0c70099914fcd063135da3c580865e924c

Status affected

Version < b45193cb4df556fe6251b285a5ce44046dd36b4a

Version 9d71dd0c70099914fcd063135da3c580865e924c

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.4

Status affected

Version < 5.4

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.241

Status unaffected

Version <= 5.10.*

Version 5.10.178

Status unaffected

Version <= 5.15.*

Version 5.15.107

Status unaffected

Version <= 6.1.*

Version 6.1.24

Status unaffected

Version <= 6.2.*

Version 6.2.11

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/d2136f05690c272dfc9f9d6efcc51d5f53494b33

https://git.kernel.org/stable/c/70caa596d158a5d84b117f722d58f3ea503a5ba9

https://git.kernel.org/stable/c/4fe1d9b6231a68ffc91318f57fd8e4982f028cf7

https://git.kernel.org/stable/c/4c3fb22a6ec68258ee129a2e6b720f43dffc562f

https://git.kernel.org/stable/c/36befc9aed6202b4a9b906529aea13eacd7e34ff

https://git.kernel.org/stable/c/b45193cb4df556fe6251b285a5ce44046dd36b4a

https://nvd.nist.gov/vuln/detail/CVE-2023-54039

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54039

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54039

EUVD