CVE-2023-54145
Unknown Unknown - Not Provided
Buffer Overflow Risk in Linux Kernel BPF Verifier Log

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and there are at least two pieces of user-provided information that can be output through this buffer, and both can be arbitrarily sized by user: - BTF names; - BTF.ext source code lines strings. Verifier log buffer should be properly sized for typical verifier state output. But it's sort-of expected that this buffer won't be long enough in some circumstances. So let's drop the check. In any case code will work correctly, at worst truncating a part of a single line output.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54145
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's BPF verifier log buffer, which has a fixed size of 1024 bytes. Users can easily trigger a 'verifier log line truncated' warning because the buffer may not be large enough to hold all user-provided information, such as BTF names and BTF.ext source code lines, which can be arbitrarily long. The fix was to drop the unnecessary user-triggerable WARN_ONCE warning, allowing the code to work correctly even if part of a single line output is truncated.

Impact Analysis

The impact of this vulnerability is minimal in terms of system functionality or security. It mainly causes a warning message ('verifier log line truncated') to be triggered unnecessarily when users provide large inputs. The fix removes this warning, and the verifier continues to function correctly, possibly truncating part of a single line in the log output without affecting overall operation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54145. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart