-

CVE-2023-54056

EPSS 0.06%
Veröffentlicht 24.12.2025 12:23:04
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

kheaders: Use array declaration instead of char

In the Linux kernel, the following vulnerability has been resolved:

kheaders: Use array declaration instead of char

Under CONFIG_FORTIFY_SOURCE, memcpy() will check the size of destination
and source buffers. Defining kernel_headers_data as "char" would trip
this check. Since these addresses are treated as byte arrays, define
them as arrays (as done everywhere else).

This was seen with:

  $ cat /sys/kernel/kheaders.tar.xz >> /dev/null

  detected buffer overflow in memcpy
  kernel BUG at lib/string_helpers.c:1027!
  ...
  RIP: 0010:fortify_panic+0xf/0x20
  [...]
  Call Trace:
   <TASK>
   ikheaders_read+0x45/0x50 [kheaders]
   kernfs_fop_read_iter+0x1a4/0x2f0
  ...

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 43d8ce9d65a54846d378545770991e65838981e0

Version < 719459877d58c8aced5845c1e5b98d8d87d09197

Status affected

Version 43d8ce9d65a54846d378545770991e65838981e0

Version < fcd2da2e6bf2640a31a2a5b118b50dc3635c707b

Status affected

Version 43d8ce9d65a54846d378545770991e65838981e0

Version < 4a07d2d511e2703efd4387891d49e0326f1157f3

Status affected

Version 43d8ce9d65a54846d378545770991e65838981e0

Version < b9f6845a492de20679b84bda6b08be347c5819da

Status affected

Version 43d8ce9d65a54846d378545770991e65838981e0

Version < d6d1af6b8611801b585c53c0cc63626c8d339e96

Status affected

Version 43d8ce9d65a54846d378545770991e65838981e0

Version < 82d2e01b95c439fe55fab5e04fc83387c42d3a48

Status affected

Version 43d8ce9d65a54846d378545770991e65838981e0

Version < b69edab47f1da8edd8e7bfdf8c70f51a2a5d89fb

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.2

Status affected

Version 0

Version < 5.2

Status unaffected

Version <= 5.4.*

Version 5.4.243

Status unaffected

Version <= 5.10.*

Version 5.10.180

Status unaffected

Version <= 5.15.*

Version 5.15.111

Status unaffected

Version <= 6.1.*

Version 6.1.28

Status unaffected

Version <= 6.2.*

Version 6.2.15

Status unaffected

Version <= 6.3.*

Version 6.3.2

Status unaffected

Version <= *

Version 6.4

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.18

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/719459877d58c8aced5845c1e5b98d8d87d09197

https://git.kernel.org/stable/c/fcd2da2e6bf2640a31a2a5b118b50dc3635c707b

https://git.kernel.org/stable/c/4a07d2d511e2703efd4387891d49e0326f1157f3

https://git.kernel.org/stable/c/b9f6845a492de20679b84bda6b08be347c5819da

https://git.kernel.org/stable/c/d6d1af6b8611801b585c53c0cc63626c8d339e96

https://git.kernel.org/stable/c/82d2e01b95c439fe55fab5e04fc83387c42d3a48

https://git.kernel.org/stable/c/b69edab47f1da8edd8e7bfdf8c70f51a2a5d89fb

https://nvd.nist.gov/vuln/detail/CVE-2023-54056

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54056

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54056

EUVD