CVE-2023-54240 - Vulnerability Details

- net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()

Description

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()

rule_locs is allocated in ethtool_get_rxnfc and the size is determined by
rule_cnt from user space. So rule_cnt needs to be check before using
rule_locs to avoid NULL pointer dereference.

Published: 2025-12-30

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 7776591e5ae2befff86579f68916a171971c6aab
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 751b2e22a188b0c306029d094da29b6b8de31430
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 653fbddbdfc6673bba01b13dae5a4384ad8f92ec
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 75f2de75c1182e80708c932418e4895dbc88b68f
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 072324cfab9b96071c0782f51f53cc5aea1e9d5b
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< ff5faed5f5487b0fd2b640ba1304f82a5ebaab42
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< fe0195fe48f85182bc7e7eabcad925bd3cbc10f5
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< e4c79810755f66c9a933ca810da2724133b1165a

Linux

affected

Version	Status	Constraints
`4.9`	affected	—
`0`	unaffected	< 4.9
`4.14.326`	unaffected	≤ 4.14.*
`4.19.295`	unaffected	≤ 4.19.*
`5.4.257`	unaffected	≤ 5.4.*
`5.10.195`	unaffected	≤ 5.10.*
`5.15.132`	unaffected	≤ 5.15.*
`6.1.54`	unaffected	≤ 6.1.*
`6.5.4`	unaffected	≤ 6.5.*
`6.6`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/072324cfab9b96071c0782f51f53cc5aea1e9d5b
https://git.kernel.org/stable/c/653fbddbdfc6673bba01b13dae5a4384ad8f92ec
https://git.kernel.org/stable/c/751b2e22a188b0c306029d094da29b6b8de31430
https://git.kernel.org/stable/c/75f2de75c1182e80708c932418e4895dbc88b68f
https://git.kernel.org/stable/c/7776591e5ae2befff86579f68916a171971c6aab
https://git.kernel.org/stable/c/e4c79810755f66c9a933ca810da2724133b1165a
https://git.kernel.org/stable/c/fe0195fe48f85182bc7e7eabcad925bd3cbc10f5
https://git.kernel.org/stable/c/ff5faed5f5487b0fd2b640ba1304f82a5ebaab42
https://lore.kernel.org/linux-cve-announce/2025123033-CVE-2023-54240-b9f8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54240
https://www.cve.org/CVERecord?id=CVE-2023-54240

History

Thu, 01 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123033-CVE-2023-54240-b9f8@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54240 https://www.cve.org/CVERecord?id=CVE-2023-54240

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() rule_locs is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rule_locs to avoid NULL pointer dereference.
Title		net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/072324cfab9b96071c0782f51f53cc5aea1e9d5b https://git.kernel.org/stable/c/653fbddbdfc6673bba01b13dae5a4384ad8f92ec https://git.kernel.org/stable/c/751b2e22a188b0c306029d094da29b6b8de31430 https://git.kernel.org/stable/c/75f2de75c1182e80708c932418e4895dbc88b68f https://git.kernel.org/stable/c/7776591e5ae2befff86579f68916a171971c6aab https://git.kernel.org/stable/c/e4c79810755f66c9a933ca810da2724133b1165a https://git.kernel.org/stable/c/fe0195fe48f85182bc7e7eabcad925bd3cbc10f5 https://git.kernel.org/stable/c/ff5faed5f5487b0fd2b640ba1304f82a5ebaab42

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:11:29.039Z

Updated: 2026-05-11T19:58:09.830Z

Reserved: 2025-12-30T12:06:44.509Z

Link: CVE-2023-54240

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-30T13:16:12.540

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-54240

Redhat

Severity :

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2023-54240 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object