CVE-2023-53125
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/05/2025
Last modified:
02/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: usb: smsc75xx: Limit packet length to skb->len<br />
<br />
Packet length retrieved from skb data may be larger than<br />
the actual socket buffer length (up to 9026 bytes). In such<br />
case the cloned skb passed up the network stack will leak<br />
kernel memory contents.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/105db6574281e1e03fcbf87983f4fee111682306
- https://git.kernel.org/stable/c/4a4de0a68b18485c68ab4f0cfa665b1633c6d277
- https://git.kernel.org/stable/c/53966d572d056d6b234cfe76a5f9d60049d3c178
- https://git.kernel.org/stable/c/8ee5df9c039e37b9d8eb5e3de08bfb7f53d31cb6
- https://git.kernel.org/stable/c/9fabdd79051a9fe51388df099aff6e4b660fedd2
- https://git.kernel.org/stable/c/c7bdc137ca163b90917c1eeba4f1937684bd4f8b
- https://git.kernel.org/stable/c/d8b228318935044dafe3a5bc07ee71a1f1424b8d
- https://git.kernel.org/stable/c/e294f0aa47e4844f3d3c8766c02accd5a76a7d4e