CVE-2023-54039
Out-of-Bounds Memory Access in Linux Kernel CAN j1939 Module
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds memory access in the Linux kernel's j1939_tp_tx_dat_new() function. It occurs because the memcpy() operation uses the size of skb->cb, which can be larger than the size of the struct j1939_sk_buff_cb, causing it to read beyond the intended memory bounds. The fix involved changing the memcpy() to use the size of struct j1939_sk_buff_cb and adding a compile-time check to ensure skb->cb is large enough to hold the structure, preventing the out-of-bounds access.
How can this vulnerability impact me? :
This vulnerability can lead to out-of-bounds memory reads in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to access sensitive memory contents. Such memory safety issues can be exploited to compromise system security or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for CVE-2023-54039. The fix involves correcting the memcpy() operation in the j1939_tp_tx_dat_new() function to prevent out-of-bounds memory access. Applying the official kernel patch or upgrading to a patched kernel version will address this issue.