CVE-2023-54039
Unknown Unknown - Not Provided
Out-of-Bounds Memory Access in Linux Kernel CAN j1939 Module

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access In the j1939_tp_tx_dat_new() function, an out-of-bounds memory access could occur during the memcpy() operation if the size of skb->cb is larger than the size of struct j1939_sk_buff_cb. This is because the memcpy() operation uses the size of skb->cb, leading to a read beyond the struct j1939_sk_buff_cb. Updated the memcpy() operation to use the size of struct j1939_sk_buff_cb instead of the size of skb->cb. This ensures that the memcpy() operation only reads the memory within the bounds of struct j1939_sk_buff_cb, preventing out-of-bounds memory access. Additionally, add a BUILD_BUG_ON() to check that the size of skb->cb is greater than or equal to the size of struct j1939_sk_buff_cb. This ensures that the skb->cb buffer is large enough to hold the j1939_sk_buff_cb structure. [mkl: rephrase commit message]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54039
EUVD
EUVD-2025-205114
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds memory access in the Linux kernel's j1939_tp_tx_dat_new() function. It occurs because the memcpy() operation uses the size of skb->cb, which can be larger than the size of the struct j1939_sk_buff_cb, causing it to read beyond the intended memory bounds. The fix involved changing the memcpy() to use the size of struct j1939_sk_buff_cb and adding a compile-time check to ensure skb->cb is large enough to hold the structure, preventing the out-of-bounds access.

Impact Analysis

This vulnerability can lead to out-of-bounds memory reads in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to access sensitive memory contents. Such memory safety issues can be exploited to compromise system security or cause denial of service.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for CVE-2023-54039. The fix involves correcting the memcpy() operation in the j1939_tp_tx_dat_new() function to prevent out-of-bounds memory access. Applying the official kernel patch or upgrading to a patched kernel version will address this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54039. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart