Buffer Overflow Vulnerability in Linux Kernel Affecting Memory Handling
CVE-2023-53667
What is CVE-2023-53667?
A vulnerability in the Linux Kernel's CDC NCM subsystem relates to improper handling of the dwNtbOutMaxSize parameter during memory allocation. This issue arises when dwNtbOutMaxSize is set to a value lower than the minimum required size, leading to insufficient memory allocation for CDC data. If additional elements are added to the SKB header structures, this can potentially lead to a situation where the allocated space does not accommodate all required data, triggering a panic and causing system instability. The vulnerability has been addressed by ensuring the dwNtbOutMaxSize remains within specified bounds, preventing improper memory handling.
Affected Version(s)
Linux 289507d3364f96f4b8814726917d572f71350d87 < 2334ff0b343ba6ba7a6c0586fcc83992bbbc1776
Linux 289507d3364f96f4b8814726917d572f71350d87
Linux 289507d3364f96f4b8814726917d572f71350d87