CVE-2023-54065
Out-of-Bounds Access in Linux Kernel Realtek DSA Driver

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: dsa: realtek: fix out-of-bounds access

The probe function sets priv->chip_data to (void *)priv + sizeof(*priv) with the expectation that priv has enough trailing space.

However, only realtek-smi actually allocated this chip_data space. Do likewise in realtek-mdio to fix out-of-bounds accesses.

These accesses likely went unnoticed so far, because of an (unused) buf[4096] member in struct realtek_priv, which caused kmalloc to round up the allocated buffer to a big enough size, so nothing of value was overwritten. With a different allocator (like in the barebox bootloader port of the driver) or with KASAN, the memory corruption becomes quickly apparent.

Meta Information
Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-05-07
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE
Vendor: realtek
Product: realtek_kernel_driver
Version / Range: *

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an out-of-bounds memory access in the Linux kernel's Realtek network driver. Specifically, the probe function incorrectly sets a pointer (priv->chip_data) assuming there is enough allocated space after the priv structure, but this space is only allocated in one variant (realtek-smi) and not in realtek-mdio. This leads to accessing memory beyond the allocated buffer, which can cause memory corruption. The issue was masked previously due to overallocation caused by a large unused buffer, but it becomes apparent with different memory allocators or debugging tools like KASAN.
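The allocation pattern described above can be modelled in user space. The following C program is an added example, not code from the kernel driver or from this advisory: the struct layouts, the size of the chip-specific data and the power-of-two bucket rounding are simplifying assumptions, and only chip_data and buf[4096] are taken from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins: only chip_data and buf[4096] come from the advisory text. */
struct model_priv { int id; void *chip_data; char buf[4096]; /* unused */ };
struct model_chip { uint32_t regs[64]; };   /* hypothetical chip-specific state */

enum verdict { IN_BOUNDS, OOB_MASKED, OOB_CORRUPTS };

/* Assumed allocator model: requests are rounded up to power-of-two buckets. */
static size_t bucket_round(size_t n)
{
    size_t b = 8;
    while (b < n) b <<= 1;
    return b;
}

/* Classify use of chip_data = (void *)priv + sizeof(*priv) for a request size. */
enum verdict classify(size_t requested, int allocator_rounds_up)
{
    size_t end = sizeof(struct model_priv) + sizeof(struct model_chip);
    if (end <= requested)
        return IN_BOUNDS;       /* trailing space was requested */
    if (allocator_rounds_up && end <= bucket_round(requested))
        return OOB_MASKED;      /* lands in bucket slack; KASAN still reports it */
    return OOB_CORRUPTS;        /* writes past the allocation into other memory */
}

/* Fixed pattern: request the trailing chip_data space, then use it. */
uint32_t probe_fixed(void)
{
    struct model_priv *priv = calloc(1, sizeof(*priv) + sizeof(struct model_chip));
    uint32_t v;
    if (!priv)
        return 0;
    priv->chip_data = (char *)priv + sizeof(*priv);
    ((struct model_chip *)priv->chip_data)->regs[63] = 0xA5A5A5A5u;
    v = ((struct model_chip *)priv->chip_data)->regs[63];
    free(priv);
    return v;
}

int main(void)
{
    size_t bare = sizeof(struct model_priv), full = bare + sizeof(struct model_chip);
    printf("no trailing space, bucket allocator: %d\n", classify(bare, 1));
    printf("no trailing space, exact allocator:  %d\n", classify(bare, 0));
    printf("trailing space requested:            %d\n", classify(full, 0));
    return probe_fixed() == 0xA5A5A5A5u ? 0 : 1;
}
```

The printed values are the enum verdicts: 1 (masked by rounding), 2 (corrupting) and 0 (in bounds).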


How can this vulnerability impact me?

This vulnerability can lead to memory corruption in the Linux kernel when using the affected Realtek network driver. Memory corruption can cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges if exploited. The impact depends on the environment and whether the vulnerable driver is in use.


What immediate steps should I take to mitigate this vulnerability?

Update the Linux kernel to a version where the realtek-mdio driver has been fixed to allocate chip_data space properly, similar to realtek-smi, to prevent out-of-bounds memory access. Avoid using kernel configurations or environments that expose this vulnerability, such as those with different allocators or KASAN enabled, until patched.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by enabling Kernel Address Sanitizer (KASAN) to identify out-of-bounds memory accesses in the realtek-mdio driver. Since the issue involves out-of-bounds access in kernel memory, running the kernel with KASAN enabled can reveal memory corruption related to this flaw. There are no specific network commands to detect this vulnerability directly. To enable KASAN, you can configure your kernel with CONFIG_KASAN=y and reboot. Then, monitor dmesg or kernel logs for KASAN reports indicating out-of-bounds accesses in the realtek-mdio driver.

