Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.35, < 4.14.311 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/105db6574281e1e03fcbf87983f4fee111682306Patch
- https://git.kernel.org/stable/c/4a4de0a68b18485c68ab4f0cfa665b1633c6d277Patch
- https://git.kernel.org/stable/c/53966d572d056d6b234cfe76a5f9d60049d3c178Patch
- https://git.kernel.org/stable/c/8ee5df9c039e37b9d8eb5e3de08bfb7f53d31cb6Patch
- https://git.kernel.org/stable/c/9fabdd79051a9fe51388df099aff6e4b660fedd2Patch
- https://git.kernel.org/stable/c/c7bdc137ca163b90917c1eeba4f1937684bd4f8bPatch
- https://git.kernel.org/stable/c/d8b228318935044dafe3a5bc07ee71a1f1424b8dPatch
- https://git.kernel.org/stable/c/e294f0aa47e4844f3d3c8766c02accd5a76a7d4ePatch
FAQ
What is CVE-2023-53125?
CVE-2023-53125 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buf...
How severe is CVE-2023-53125?
CVE-2023-53125 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53125?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.