CVE-2023-54312 - Vulnerability Details

- samples/bpf: Fix buffer overflow in tcp_basertt

Description

In the Linux kernel, the following vulnerability has been resolved:

samples/bpf: Fix buffer overflow in tcp_basertt

Using sizeof(nv) or strlen(nv)+1 is correct.

Published: 2025-12-30

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c890063e440456e75c2e70f6bcec3797f1771eb6`	affected	< cf7514fedc25675e68b74941df28a883951e70fd
`c890063e440456e75c2e70f6bcec3797f1771eb6`	affected	< f394d204d64095d72ad9f03ff98f3f3743bf743a
`c890063e440456e75c2e70f6bcec3797f1771eb6`	affected	< bd3e880dce27d225598730d2bbb3dc05b443af22
`c890063e440456e75c2e70f6bcec3797f1771eb6`	affected	< e92f61e0701ea780e57e1be8dbd1fbec5f42c09e
`c890063e440456e75c2e70f6bcec3797f1771eb6`	affected	< 56c25f2763a16db4fa1b486e6a21dc246cd992bd
`c890063e440456e75c2e70f6bcec3797f1771eb6`	affected	< dfc004688518d24159606289c74d0c4e123e6436
`c890063e440456e75c2e70f6bcec3797f1771eb6`	affected	< 7c08d1b0d1f75117cf82aeaef49ba9f861b3fb59
`c890063e440456e75c2e70f6bcec3797f1771eb6`	affected	< f4dea9689c5fea3d07170c2cb0703e216f1a0922

Linux

affected

Version	Status	Constraints
`4.15`	affected	—
`0`	unaffected	< 4.15
`4.19.291`	unaffected	≤ 4.19.*
`5.4.251`	unaffected	≤ 5.4.*
`5.10.188`	unaffected	≤ 5.10.*
`5.15.121`	unaffected	≤ 5.15.*
`6.1.39`	unaffected	≤ 6.1.*
`6.3.13`	unaffected	≤ 6.3.*
`6.4.4`	unaffected	≤ 6.4.*
`6.5`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00058.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/56c25f2763a16db4fa1b486e6a21dc246cd992bd
https://git.kernel.org/stable/c/7c08d1b0d1f75117cf82aeaef49ba9f861b3fb59
https://git.kernel.org/stable/c/bd3e880dce27d225598730d2bbb3dc05b443af22
https://git.kernel.org/stable/c/cf7514fedc25675e68b74941df28a883951e70fd
https://git.kernel.org/stable/c/dfc004688518d24159606289c74d0c4e123e6436
https://git.kernel.org/stable/c/e92f61e0701ea780e57e1be8dbd1fbec5f42c09e
https://git.kernel.org/stable/c/f394d204d64095d72ad9f03ff98f3f3743bf743a
https://git.kernel.org/stable/c/f4dea9689c5fea3d07170c2cb0703e216f1a0922
https://lore.kernel.org/linux-cve-announce/2025123036-CVE-2023-54312-8b23@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54312
https://www.cve.org/CVERecord?id=CVE-2023-54312

History

Wed, 31 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123036-CVE-2023-54312-8b23@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54312 https://www.cve.org/CVERecord?id=CVE-2023-54312
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 30 Dec 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix buffer overflow in tcp_basertt Using sizeof(nv) or strlen(nv)+1 is correct.
Title		samples/bpf: Fix buffer overflow in tcp_basertt
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/56c25f2763a16db4fa1b486e6a21dc246cd992bd https://git.kernel.org/stable/c/7c08d1b0d1f75117cf82aeaef49ba9f861b3fb59 https://git.kernel.org/stable/c/bd3e880dce27d225598730d2bbb3dc05b443af22 https://git.kernel.org/stable/c/cf7514fedc25675e68b74941df28a883951e70fd https://git.kernel.org/stable/c/dfc004688518d24159606289c74d0c4e123e6436 https://git.kernel.org/stable/c/e92f61e0701ea780e57e1be8dbd1fbec5f42c09e https://git.kernel.org/stable/c/f394d204d64095d72ad9f03ff98f3f3743bf743a https://git.kernel.org/stable/c/f4dea9689c5fea3d07170c2cb0703e216f1a0922

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:23:43.828Z

Updated: 2026-05-11T19:59:32.024Z

Reserved: 2025-12-30T12:06:44.530Z

Link: CVE-2023-54312

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-30T13:16:20.430

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-54312

Redhat

Severity : Low

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2023-54312 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object