CVE-2023-54240 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()

rule_locs is allocated in ethtool_get_rxnfc and the size is determined by
rule_cnt from user space. So rule_cnt needs to be check before using
rule_locs to avoid NULL pointer dereference.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 7776591e5ae2befff86579f68916a171971c6aab
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 751b2e22a188b0c306029d094da29b6b8de31430
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 653fbddbdfc6673bba01b13dae5a4384ad8f92ec
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 75f2de75c1182e80708c932418e4895dbc88b68f
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< 072324cfab9b96071c0782f51f53cc5aea1e9d5b
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< ff5faed5f5487b0fd2b640ba1304f82a5ebaab42
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< fe0195fe48f85182bc7e7eabcad925bd3cbc10f5
`7aab747e5563ecbc9f3cb64ddea13fe7b9fee2bd`	affected	< e4c79810755f66c9a933ca810da2724133b1165a

Linux

affected

Version	Status	Constraints
`4.9`	affected	—
`0`	unaffected	< 4.9
`4.14.326`	unaffected	≤ 4.14.*
`4.19.295`	unaffected	≤ 4.19.*
`5.4.257`	unaffected	≤ 5.4.*
`5.10.195`	unaffected	≤ 5.10.*
`5.15.132`	unaffected	≤ 5.15.*
`6.1.54`	unaffected	≤ 6.1.*
`6.5.4`	unaffected	≤ 6.5.*
`6.6`	unaffected	≤ *

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/072324cfab9b96071c0782f51f53cc5aea1e9d5b
https://git.kernel.org/stable/c/653fbddbdfc6673bba01b13dae5a4384ad8f92ec
https://git.kernel.org/stable/c/751b2e22a188b0c306029d094da29b6b8de31430
https://git.kernel.org/stable/c/75f2de75c1182e80708c932418e4895dbc88b68f
https://git.kernel.org/stable/c/7776591e5ae2befff86579f68916a171971c6aab
https://git.kernel.org/stable/c/e4c79810755f66c9a933ca810da2724133b1165a
https://git.kernel.org/stable/c/fe0195fe48f85182bc7e7eabcad925bd3cbc10f5
https://git.kernel.org/stable/c/ff5faed5f5487b0fd2b640ba1304f82a5ebaab42
https://lore.kernel.org/linux-cve-announce/2025123033-CVE-2023-54240-b9f8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54240
https://www.cve.org/CVERecord?id=CVE-2023-54240

History

Thu, 01 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123033-CVE-2023-54240-b9f8@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54240 https://www.cve.org/CVERecord?id=CVE-2023-54240

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() rule_locs is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rule_locs to avoid NULL pointer dereference.
Title		net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/072324cfab9b96071c0782f51f53cc5aea1e9d5b https://git.kernel.org/stable/c/653fbddbdfc6673bba01b13dae5a4384ad8f92ec https://git.kernel.org/stable/c/751b2e22a188b0c306029d094da29b6b8de31430 https://git.kernel.org/stable/c/75f2de75c1182e80708c932418e4895dbc88b68f https://git.kernel.org/stable/c/7776591e5ae2befff86579f68916a171971c6aab https://git.kernel.org/stable/c/e4c79810755f66c9a933ca810da2724133b1165a https://git.kernel.org/stable/c/fe0195fe48f85182bc7e7eabcad925bd3cbc10f5 https://git.kernel.org/stable/c/ff5faed5f5487b0fd2b640ba1304f82a5ebaab42

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:11:29.039Z

Updated: 2025-12-30T12:11:29.039Z

Reserved: 2025-12-30T12:06:44.509Z

Link: CVE-2023-54240

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-30T13:16:12.540

Modified: 2025-12-31T20:42:43.210

Link: CVE-2023-54240

Redhat

Severity :

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2023-54240 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object