
CVE-2023-54110

In the Linux kernel, the following vulnerability has been resolved:

usb: rndis_host: Secure rndis_query check against int overflow

Variables off and len, typed as uint32 in the rndis_query function,
are controlled by the incoming RNDIS response message, thus their
value may be manipulated. Setting off to an unexpectedly large
value will cause the sum with len and 8 to overflow and pass
the implemented validation step. Consequently the response
pointer will be referring to a location past the expected
buffer boundaries, allowing information leakage, e.g. via the
RNDIS_OID_802_3_PERMANENT_ADDRESS OID.
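An added illustration of the check described above (example code, not the kernel's rndis_host source): the length validation written as a plain 32-bit sum, next to a form that compares each operand against the remaining budget and therefore cannot wrap. The buffer size constant, the 8-byte header assumption and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed control-buffer size for the example; the kernel has its own. */
#define CONTROL_BUFFER_SIZE 1025u

/* Overflow-prone form: off and len come from the device's response, so
 * an off close to UINT32_MAX makes the unsigned 32-bit sum wrap to a
 * small number and the limit is passed although off itself is huge. */
bool check_unsafe(uint32_t off, uint32_t len)
{
    uint32_t total = 8u + off + len;   /* wraps modulo 2^32 */
    return total <= CONTROL_BUFFER_SIZE;
}

/* Overflow-safe form: subtract from the known-good budget instead of
 * adding attacker-controlled values; no intermediate can wrap because
 * off is bounded before it is used in the second comparison. */
bool check_safe(uint32_t off, uint32_t len)
{
    if (off > CONTROL_BUFFER_SIZE - 8u)
        return false;
    if (len > CONTROL_BUFFER_SIZE - 8u - off)
        return false;
    return true;
}

/* Returns a pointer to the OID data inside buf only when the safe check
 * holds, so the result is guaranteed to stay inside the buffer. */
const uint8_t *oid_data(const uint8_t *buf, uint32_t off, uint32_t len)
{
    if (!check_safe(off, len))
        return NULL;
    return buf + 8u + off;
}

int main(void)
{
    /* Constructed sample: an offset 8 below the 32-bit wrap point. */
    uint32_t off = 0xFFFFFFF8u, len = 6;
    printf("unsafe check passes: %d\n", check_unsafe(off, len)); /* 1 */
    printf("safe check passes:   %d\n", check_safe(off, len));   /* 0 */
    return 0;
}
```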
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Affected git commit ranges (all introduced by ddda08624013e8435e9f7cfc34a35bd7b3520b6d):

Status    Introduced in                              Fixed in (range ends before)
affected  ddda08624013e8435e9f7cfc34a35bd7b3520b6d  55782f6d63a5a3dd3b84c1e0627738fc5b146b4e
affected  ddda08624013e8435e9f7cfc34a35bd7b3520b6d  02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0
affected  ddda08624013e8435e9f7cfc34a35bd7b3520b6d  ebe6d2fcf7835f98cdbb1bd5e0414be20c321578
affected  ddda08624013e8435e9f7cfc34a35bd7b3520b6d  232ef345e5d76e5542f430a29658a85dbef07f0b
affected  ddda08624013e8435e9f7cfc34a35bd7b3520b6d  11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95
affected  ddda08624013e8435e9f7cfc34a35bd7b3520b6d  39eadaf5611ddd064ad1c53da65c02d2b0fe22a4
affected  ddda08624013e8435e9f7cfc34a35bd7b3520b6d  a713602807f32afc04add331410c77ef790ef77a
affected  ddda08624013e8435e9f7cfc34a35bd7b3520b6d  c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2
Vendor: Linux
Product: Linux
Default status: affected
Kernel version ranges:

Status      Version range
affected    2.6.22
unaffected  0 <= version < 2.6.22
unaffected  4.14.303 <= version <= 4.14.*
unaffected  4.19.270 <= version <= 4.19.*
unaffected  5.4.229 <= version <= 5.4.*
unaffected  5.10.163 <= version <= 5.10.*
unaffected  5.15.87 <= version <= 5.15.*
unaffected  6.0.19 <= version <= 6.0.*
unaffected  6.1.5 <= version <= 6.1.*
unaffected  6.2 <= version <= *
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.04%  0.1

CVSS metrics
Source  Base score  Exploit score  Impact score  Vector string
(no entries)

No CWE information has been published yet.