-

CVE-2023-54056

EPSS 0.04%
Veröffentlicht 24.12.2025 12:23:04
Zuletzt bearbeitet 29.12.2025 15:58:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

kheaders: Use array declaration instead of char

Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination
and source buffers. Defining kernel_headers_data as "char" would trip
this check. Since these addresses are treated as byte arrays, define
them as arrays (as done everywhere else).

This was seen with:

  $ cat /sys/kernel/kheaders.tar.xz >> /dev/null

  detected buffer overflow in memcpy
  kernel BUG at lib/string_helpers.c:1027!
  ...
  RIP: 0010:fortify_panic+0xf/0x20
  [...]
  Call Trace:
   <TASK>
   ikheaders_read+0x45/0x50 [kheaders]
   kernfs_fop_read_iter+0x1a4/0x2f0
  ...

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 719459877d58c8aced5845c1e5b98d8d87d09197

Version 43d8ce9d65a54846d378545770991e65838981e0

Status affected

Version < fcd2da2e6bf2640a31a2a5b118b50dc3635c707b

Version 43d8ce9d65a54846d378545770991e65838981e0

Status affected

Version < 4a07d2d511e2703efd4387891d49e0326f1157f3

Version 43d8ce9d65a54846d378545770991e65838981e0

Status affected

Version < b9f6845a492de20679b84bda6b08be347c5819da

Version 43d8ce9d65a54846d378545770991e65838981e0

Status affected

Version < d6d1af6b8611801b585c53c0cc63626c8d339e96

Version 43d8ce9d65a54846d378545770991e65838981e0

Status affected

Version < 82d2e01b95c439fe55fab5e04fc83387c42d3a48

Version 43d8ce9d65a54846d378545770991e65838981e0

Status affected

Version < b69edab47f1da8edd8e7bfdf8c70f51a2a5d89fb

Version 43d8ce9d65a54846d378545770991e65838981e0

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.2

Status affected

Version < 5.2

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.243

Status unaffected

Version <= 5.10.*

Version 5.10.180

Status unaffected

Version <= 5.15.*

Version 5.15.111

Status unaffected

Version <= 6.1.*

Version 6.1.28

Status unaffected

Version <= 6.2.*

Version 6.2.15

Status unaffected

Version <= 6.3.*

Version 6.3.2

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.132

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/719459877d58c8aced5845c1e5b98d8d87d09197

https://git.kernel.org/stable/c/fcd2da2e6bf2640a31a2a5b118b50dc3635c707b

https://git.kernel.org/stable/c/4a07d2d511e2703efd4387891d49e0326f1157f3

https://git.kernel.org/stable/c/b9f6845a492de20679b84bda6b08be347c5819da

https://git.kernel.org/stable/c/d6d1af6b8611801b585c53c0cc63626c8d339e96

https://git.kernel.org/stable/c/82d2e01b95c439fe55fab5e04fc83387c42d3a48

https://git.kernel.org/stable/c/b69edab47f1da8edd8e7bfdf8c70f51a2a5d89fb

https://nvd.nist.gov/vuln/detail/CVE-2023-54056

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54056

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54056

EUVD