CVE-2023-54145
Buffer Overflow Risk in Linux Kernel BPF Verifier Log
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This entry concerns the Linux kernel's BPF verifier log. Each log line is first formatted into a fixed kernel-side buffer of 1024 bytes and only then copied out to the user-supplied log buffer. The formatting is length-bounded, so a line that does not fit is cut off at the end of the buffer rather than written past it. Parts of a line, however, come straight from the program being loaded and can be arbitrarily long: BTF type and function names, and source lines carried in BTF.ext. Anyone able to load a BPF program with verifier logging enabled could therefore make a single line exceed 1024 bytes and trigger the 'verifier log line truncated' WARN_ONCE on that path. The fix drops that user-triggerable WARN_ONCE; the verifier already handled a truncated line correctly, so only the warning is removed.
How can this vulnerability impact me?
Very little. There is no memory corruption: the oversized line is truncated, the remaining log lines are intact, and the verifier's verdict on the program is unchanged. On an unpatched kernel the only observable effect is one WARN splat in the kernel log the first time a long enough BTF name or source line is logged, and a user can provoke that at will. The one caveat to keep in mind is that a kernel booted with panic_on_warn turns any user-triggerable WARN into a crash. Patched kernels simply truncate the line and carry on.
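To make the distinction between truncation and overflow concrete, here is an added user-space C model of the line-formatting path described above. It is not kernel code and not part of this advisory's source; the struct, the function names vlog_line and run_scenario, the warn_count bookkeeping and the 2000-byte constructed name are assumptions for the demo. The kernel's own routine also formats into its 1024-byte buffer with a length-bounded printf variant, which is why an over-long name is cut off instead of overrunning the buffer.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the 1024-byte fixed line buffer named in the description. */
#define KBUF_SIZE 1024

/* Hypothetical stand-in for the verifier's per-log state (field names
 * are assumptions for this demo, not the kernel's own struct). */
struct vlog {
    char kbuf[KBUF_SIZE];   /* one formatted line lives here */
    size_t truncated_lines; /* lines that did not fit in kbuf */
    size_t warn_count;      /* times the old WARN_ONCE would have fired */
    bool warned_once;       /* WARN_ONCE fires at most once */
};

/*
 * Format one log line into log->kbuf.  vsnprintf never stores more than
 * KBUF_SIZE bytes (NUL included); a longer line is cut at KBUF_SIZE-1
 * characters and vsnprintf returns the length the full line would have
 * had.  That is why an over-long BTF name is a truncation, not an
 * overflow.  'old_behaviour' selects the pre-fix path, which additionally
 * raised a one-shot warning whenever truncation happened.
 * Returns the number of characters actually stored (excluding the NUL).
 */
static size_t vlog_line(struct vlog *log, bool old_behaviour, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(log->kbuf, KBUF_SIZE, fmt, ap);
    va_end(ap);

    if (n < 0)
        return 0;                      /* encoding error: nothing stored */

    if ((size_t)n >= KBUF_SIZE) {      /* line did not fit: truncated */
        log->truncated_lines++;
        if (old_behaviour && !log->warned_once) {
            /* models the kernel WARN_ONCE that the fix removed */
            log->warned_once = true;
            log->warn_count++;
        }
        return KBUF_SIZE - 1;
    }
    return (size_t)n;
}

/*
 * Constructed scenario: one ordinary line, then two lines carrying a
 * 2000-byte program-supplied name (longer than kbuf).  Returns how many
 * lines were truncated; the caller inspects warn_count and kbuf.
 */
size_t run_scenario(bool old_behaviour, struct vlog *log)
{
    char long_name[2001];

    memset(long_name, 'a', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';
    memset(log, 0, sizeof(*log));

    vlog_line(log, old_behaviour, "R1 type=%s\n", "ctx");
    vlog_line(log, old_behaviour, "func '%s' arg#0 type mismatch\n", long_name);
    vlog_line(log, old_behaviour, "func '%s' arg#1 type mismatch\n", long_name);
    return log->truncated_lines;
}

int main(void)
{
    struct vlog old, fixed;
    size_t t_old = run_scenario(true, &old);
    size_t t_new = run_scenario(false, &fixed);

    printf("pre-fix : %zu truncated lines, %zu WARN, last line %zu chars\n",
           t_old, old.warn_count, strlen(old.kbuf));
    printf("post-fix: %zu truncated lines, %zu WARN, last line %zu chars\n",
           t_new, fixed.warn_count, strlen(fixed.kbuf));
    return 0;
}
```

Both runs truncate the same two lines to 1023 characters and leave the buffer NUL-terminated; the only difference is that the pre-fix path records one warning while the post-fix path records none, which is exactly the behavioural change the patch makes.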