CVE-2023-54110
Integer Overflow in Linux usb-rndis_host Causes Information Leak
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's usb rndis_host component, specifically in the rndis_query function. The variables 'off' and 'len' are 32-bit unsigned integers controlled by incoming RNDIS response messages. An attacker can manipulate 'off' to a very large value, causing an integer overflow when adding 'len' and 8. This overflow bypasses validation checks, allowing the response pointer to reference memory beyond the intended buffer boundaries, which can lead to information leakage, such as exposing permanent MAC addresses via the RNDIS_OID_802_3_PERMANENT_ADDRESS OID.
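A minimal C model of the bounds check described above, added here as an illustration and not the kernel's own code. `BUF_SIZE`, `HDR` and both function names are assumptions, and the (off, len) pairs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed buffer size for this illustration; not taken from the page. */
#define BUF_SIZE 1025u
/* Fixed bytes ahead of the point 'off' is measured from (the "8" in the text). */
#define HDR 8u

/* Wrapping form: the sum is computed in 32 bits, so a huge 'off' wraps
 * to a small value and the bound check passes. Returns 1 if accepted. */
static int accept_wrapping(uint32_t off, uint32_t len)
{
    uint32_t end = HDR + off + len;   /* may wrap modulo 2^32 */
    return !(end > BUF_SIZE);
}

/* Overflow-safe form: compare each field against what is left of the
 * buffer, using only subtractions that cannot go below zero. */
static int accept_safe(uint32_t off, uint32_t len)
{
    if (off > BUF_SIZE - HDR)
        return 0;
    if (len > BUF_SIZE - HDR - off)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed (off, len) pairs as a device could report them. */
    static const uint32_t cases[][2] = {
        { 16u, 6u },            /* well-formed reply: both accept */
        { 1020u, 6u },          /* plainly too far: both reject */
        { 0xFFFFFFF0u, 8u },    /* 8 + off + len wraps to 0 */
        { 0xFFFFFFFFu, 6u },    /* 8 + off + len wraps to 13 */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("off=0x%08x len=%u wrapping=%d safe=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               accept_wrapping(cases[i][0], cases[i][1]),
               accept_safe(cases[i][0], cases[i][1]));
    return 0;
}
```

The last two rows are the ones that matter: the wrapping check accepts them while the subtraction-based check rejects them.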
How can this vulnerability impact me?
This vulnerability can lead to information leakage by allowing an attacker to access memory beyond the expected buffer boundaries. Specifically, sensitive information like permanent hardware addresses (MAC addresses) could be exposed. This could compromise system confidentiality and potentially aid further attacks or unauthorized access.