-

CVE-2023-54105

EPSS 0.03%
Veröffentlicht 24.12.2025 13:06:30
Zuletzt bearbeitet 29.12.2025 15:58:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

can: isotp: check CAN address family in isotp_bind()

Add missing check to block non-AF_CAN binds.

Syzbot created some code which matched the right sockaddr struct size
but used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the address family
field:

bind$xdp(r2, &(0x7f0000000540)={0x2c, 0x0, r4, 0x0, r2}, 0x10)
                                ^^^^
This has no funtional impact but the userspace should be notified about
the wrong address family field content.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < de3c02383aa678f6799402ac47fdd89cf4bfcaa9

Version e057dd3fc20ffb3d7f150af46542a51b59b90127

Status affected

Version < 2fc6f337257f4f7c21ecff429241f7acaa6df4e8

Version e057dd3fc20ffb3d7f150af46542a51b59b90127

Status affected

Version < 9427584c2f153d0677ef3bad6f44028c60d728c4

Version e057dd3fc20ffb3d7f150af46542a51b59b90127

Status affected

Version < dd4faace51e41a82a8c0770ee0cc26088f9d9d06

Version e057dd3fc20ffb3d7f150af46542a51b59b90127

Status affected

Version < c6adf659a8ba85913e16a571d5a9bcd17d3d1234

Version e057dd3fc20ffb3d7f150af46542a51b59b90127

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.10

Status affected

Version < 5.10

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.200

Status unaffected

Version <= 5.15.*

Version 5.15.138

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/de3c02383aa678f6799402ac47fdd89cf4bfcaa9

https://git.kernel.org/stable/c/2fc6f337257f4f7c21ecff429241f7acaa6df4e8

https://git.kernel.org/stable/c/9427584c2f153d0677ef3bad6f44028c60d728c4

https://git.kernel.org/stable/c/dd4faace51e41a82a8c0770ee0cc26088f9d9d06

https://git.kernel.org/stable/c/c6adf659a8ba85913e16a571d5a9bcd17d3d1234

https://nvd.nist.gov/vuln/detail/CVE-2023-54105

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54105

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54105

EUVD