- CVE-2023-54114
- EPSS 0.04%
- Published 24.12.2025 13:06:36
- Last modified 29.12.2025 15:58:34
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()

As the call trace shows, skb_panic was caused by wrong skb->mac_header
in nsh_gso_segment():

    invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
    CPU: 3 PID: 2737 Comm: syz Not tainted 6.3.0-next-20230505 #1
    RIP: 0010:skb_panic+0xda/0xe0
    call Trace:
     skb_push+0x91/0xa0
     nsh_gso_segment+0x4f3/0x570
     skb_mac_gso_segment+0x19e/0x270
     __skb_gso_segment+0x1e8/0x3c0
     validate_xmit_skb+0x452/0x890
     validate_xmit_skb_list+0x99/0xd0
     sch_direct_xmit+0x294/0x7c0
     __dev_queue_xmit+0x16f0/0x1d70
     packet_xmit+0x185/0x210
     packet_snd+0xc15/0x1170
     packet_sendmsg+0x7b/0xa0
     sock_sendmsg+0x14f/0x160

The root cause is:
nsh_gso_segment() uses skb->network_header - nhoff to reset mac_header
in skb_gso_error_unwind() if inner-layer protocol gso fails.
However, skb->network_header may be reset by inner-layer protocol
gso function, e.g. mpls_gso_segment. skb->mac_header reset by the
inaccurate network_header will be larger than skb headroom.

    nsh_gso_segment
        nhoff = skb->network_header - skb->mac_header;
        __skb_pull(skb,nsh_len)
        skb_mac_gso_segment
            mpls_gso_segment
                skb_reset_network_header(skb);//skb->network_header+=nsh_len
                return -EINVAL;
        skb_gso_error_unwind
            skb_push(skb, nsh_len);
            skb->mac_header = skb->network_header - nhoff;
            // skb->mac_header > skb->headroom, cause skb_push panic

Use correct mac_offset to restore mac_header and get rid of nhoff.

Linked by AI from unstructured data to existing CPEs in the NVD.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
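
The offset arithmetic from the root-cause description, as an added C model (not kernel code and not part of the CVE record). `toy_skb`, `unwind_mac_header`, `mac_header_in_headroom` and the sample sizes are hypothetical, and the fixed branch assumes that "correct mac_offset" means the mac_header value saved before the pull.

```c
#include <stdio.h>

/* Toy skb: all fields are byte offsets from skb->head, as in the kernel.
 * 'data' doubles as the headroom (skb->data - skb->head). */
struct toy_skb {
    unsigned int data, mac_header, network_header;
};

/* Stand-in for an inner handler such as mpls_gso_segment(): it resets
 * network_header to the current data offset, then fails. */
static int inner_gso_fails(struct toy_skb *skb)
{
    skb->network_header = skb->data;   /* skb_reset_network_header() */
    return -22;                        /* -EINVAL */
}

/* Walks the nsh_gso_segment() error path and returns the restored mac_header.
 * fixed == 0: nhoff arithmetic from the page; fixed == 1: saved offset
 * (assumed reading of "correct mac_offset"). */
static unsigned int unwind_mac_header(unsigned int headroom, unsigned int mac_len,
                                      unsigned int nsh_len, int fixed)
{
    struct toy_skb skb = { headroom, headroom - mac_len, headroom };
    unsigned int mac_offset = skb.mac_header;              /* saved up front */
    unsigned int nhoff = skb.network_header - skb.mac_header;

    skb.data += nsh_len;                                   /* __skb_pull() */
    if (inner_gso_fails(&skb) < 0) {
        skb.data -= nsh_len;                               /* skb_push() in the unwind */
        skb.mac_header = fixed ? mac_offset : skb.network_header - nhoff;
    }
    return skb.mac_header;
}

/* Invariant the old arithmetic breaks: the MAC header cannot start past skb->data. */
static int mac_header_in_headroom(unsigned int mac_header, unsigned int headroom)
{
    return mac_header <= headroom;
}

int main(void)
{
    /* Constructed values: 78 bytes of headroom, 14-byte MAC header, 24-byte NSH. */
    unsigned int old = unwind_mac_header(78, 14, 24, 0);
    unsigned int fix = unwind_mac_header(78, 14, 24, 1);

    printf("old: mac_header=%u in_headroom=%d\n", old, mac_header_in_headroom(old, 78));
    printf("fix: mac_header=%u in_headroom=%d\n", fix, mac_header_in_headroom(fix, 78));
    return 0;
}
```

In this model the old arithmetic leaves mac_header shifted forward by nsh_len, so it only exceeds the headroom when the NSH header is longer than the MAC header in front of it.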

Vendor: Linux
Product: Linux
Default status: unaffected

| Version < | Version | Status |
|---|---|---|
| 2f88c8d38ecf5ed0273f99a067246899ba499eb2 | c411ed854584a71b0e86ac3019b60e4789d88086 | affected |
| d2309e0cb27b6871b273fbc1725e93be62570d86 | c411ed854584a71b0e86ac3019b60e4789d88086 | affected |
| 435855b0831b351cb72cb38369ee33122ce9574c | c411ed854584a71b0e86ac3019b60e4789d88086 | affected |
| 02b20e0bc0c2628539e9e518dc342787c3332de2 | c411ed854584a71b0e86ac3019b60e4789d88086 | affected |
| cdd8160dcda1fed2028a5f96575a84afc23aff7d | c411ed854584a71b0e86ac3019b60e4789d88086 | affected |
| 6fbedf987b6b8ed54a50e2205d998eb2c8be72f9 | c411ed854584a71b0e86ac3019b60e4789d88086 | affected |
| cb38e62922aa3991793344b5a5870e7291c74a44 | c411ed854584a71b0e86ac3019b60e4789d88086 | affected |
| c83b49383b595be50647f0c764a48c78b5f3c4f8 | c411ed854584a71b0e86ac3019b60e4789d88086 | affected |

Vendor: Linux
Product: Linux
Default status: affected

| Bound | Version | Status |
|---|---|---|
| | 4.14 | affected |
| < 4.14 | 0 | unaffected |
| <= 4.14.* | 4.14.316 | unaffected |
| <= 4.19.* | 4.19.284 | unaffected |
| <= 5.4.* | 5.4.244 | unaffected |
| <= 5.10.* | 5.10.181 | unaffected |
| <= 5.15.* | 5.15.113 | unaffected |
| <= 6.1.* | 6.1.30 | unaffected |
| <= 6.3.* | 6.3.4 | unaffected |
| <= * | 6.4 | unaffected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.1 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|