CVE-2023-52454

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-52454
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52454.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52454
Downstream
Related
Published
2024-02-23T14:46:17.827Z
Modified
2026-03-13T07:48:01.826548Z
Summary
nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
Details

In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmettcpbuildpduiovec().

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 lr : nvmettcpiowork+0x6ac/0x718 [nvmettcp] Call trace: processonework+0x174/0x3c8 worker_thread+0x2d0/0x3e8 kthread+0x104/0x110

Fix the bug by raising a fatal error if DATAL isn't coherent with the packet size. Also, the PDU length should never exceed the MAXH2CDATA parameter which has been communicated to the host in nvmettcphandle_icreq().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52454.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
872d26a391da92ed8f0c0f5cb5fef428067b7f30
Fixed
ee5e7632e981673f42a50ade25e71e612e543d9d
Fixed
f775f2621c2ac5cc3a0b3a64665dad4fb146e510
Fixed
4cb3cf7177ae3666be7fb27d4ad4d72a295fb02d
Fixed
2871aa407007f6f531fae181ad252486e022df42
Fixed
24e05760186dc070d3db190ca61efdbce23afc88
Fixed
70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68
Fixed
efa56305908ba20de2104f1b8508c6a7401833be

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52454.json"