CVE-2023-54110 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and len typed as uint32 in rndis_query function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a unexpectetly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buffer boundaries allowing information leakage e.g. via RNDIS_OID_802_3_PERMANENT_ADDRESS OID.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0
https://git.kernel.org/stable/c/11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95
https://git.kernel.org/stable/c/232ef345e5d76e5542f430a29658a85dbef07f0b
https://git.kernel.org/stable/c/39eadaf5611ddd064ad1c53da65c02d2b0fe22a4
https://git.kernel.org/stable/c/55782f6d63a5a3dd3b84c1e0627738fc5b146b4e
https://git.kernel.org/stable/c/a713602807f32afc04add331410c77ef790ef77a
https://git.kernel.org/stable/c/c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2
https://git.kernel.org/stable/c/ebe6d2fcf7835f98cdbb1bd5e0414be20c321578

History

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and len typed as uint32 in rndis_query function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to a unexpectetly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buffer boundaries allowing information leakage e.g. via RNDIS_OID_802_3_PERMANENT_ADDRESS OID.
Title		usb: rndis_host: Secure rndis_query check against int overflow
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0 https://git.kernel.org/stable/c/11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95 https://git.kernel.org/stable/c/232ef345e5d76e5542f430a29658a85dbef07f0b https://git.kernel.org/stable/c/39eadaf5611ddd064ad1c53da65c02d2b0fe22a4 https://git.kernel.org/stable/c/55782f6d63a5a3dd3b84c1e0627738fc5b146b4e https://git.kernel.org/stable/c/a713602807f32afc04add331410c77ef790ef77a https://git.kernel.org/stable/c/c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2 https://git.kernel.org/stable/c/ebe6d2fcf7835f98cdbb1bd5e0414be20c321578

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:06:33.495Z

Updated: 2025-12-24T13:06:33.495Z

Reserved: 2025-12-24T13:02:52.518Z

Link: CVE-2023-54110

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T13:16:12.897

Modified: 2025-12-24T13:16:12.897

Link: CVE-2023-54110

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object