CVE-2023-54110
Published: Dec 24, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

usb: rndis_host: Secure rndis_query check against int overflow

Variables off and len, typed as uint32 in the rndis_query function, are controlled by the incoming RNDIS response message, thus their value may be manipulated. Setting off to an unexpectedly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buffer boundaries, allowing information leakage e.g. via RNDIS_OID_802_3_PERMANENT_ADDRESS OID.
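The wrap-around described above, as an added example (not the kernel's code or the actual patch): a bounds check that sums 8, off and len in 32-bit arithmetic, next to an overflow-safe form that compares each field against the space still available. BUF_SIZE, the function names and the sample values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 1025u /* assumed response buffer size, not taken from the page */
#define HDR_LEN  8u    /* the constant 8 that is added to off and len */

/* Wrapping form: the sum is reduced modulo 2^32 before the comparison,
 * so a huge off or len can produce a small total that passes. */
static bool range_ok_wrapping(uint32_t off, uint32_t len)
{
    return (uint32_t)(HDR_LEN + off + len) <= BUF_SIZE;
}

/* Overflow-safe form: never adds device-controlled values together;
 * each subtraction is proven non-negative by the comparison before it. */
static bool range_ok_safe(uint32_t off, uint32_t len)
{
    if (off > BUF_SIZE - HDR_LEN)
        return false;
    return len <= BUF_SIZE - HDR_LEN - off;
}

/* Constructed sample (off, len) pairs as a device response might carry them. */
static const struct { uint32_t off, len; const char *note; } samples[] = {
    { 16u,         6u,          "well-formed response" },
    { 1017u,       0u,          "ends exactly at buffer end" },
    { 1018u,       0u,          "one byte past the end" },
    { 0xFFFFFFF8u, 6u,          "off + 8 wraps to 0" },
    { 16u,         0xFFFFFFF0u, "len wraps the sum to 8" },
};
#define N_SAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Number of samples the wrapping check accepts but the safe check rejects. */
static int count_disagreements(void)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        if (range_ok_wrapping(samples[i].off, samples[i].len) &&
            !range_ok_safe(samples[i].off, samples[i].len))
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("off=0x%08x len=0x%08x wrapping=%d safe=%d  %s\n",
               (unsigned)samples[i].off, (unsigned)samples[i].len,
               range_ok_wrapping(samples[i].off, samples[i].len),
               range_ok_safe(samples[i].off, samples[i].len), samples[i].note);
    printf("accepted only by the wrapping check: %d\n", count_disagreements());
    return 0;
}
```

The two checks agree on every in-range and just-out-of-range input and differ only where the 32-bit sum wraps, which is why this class of bug passes ordinary boundary tests.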
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected ddda08624013e8435e9f7cfc34a35bd7b3520b6d - < 55782f6d63a5a3dd3b84c1e0627738fc5b146b4e; affected ddda08624013e8435e9f7cfc34a35bd7b3520b6d - < 02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0; affected ddda08624013e8435e9f7cfc34a35bd7b3520b6d - < ebe6d2fcf7835f98cdbb1bd5e0414be20c321578; affected ddda08624013e8435e9f7cfc34a35bd7b3520b6d - < 232ef345e5d76e5542f430a29658a85dbef07f0b; affected ddda08624013e8435e9f7cfc34a35bd7b3520b6d - < 11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95; +3 more versions |
| Linux | Linux | affected 2.6.22; unaffected 0 - < 2.6.22; unaffected 4.14.303 - <= 4.14.*; unaffected 4.19.270 - <= 4.19.*; unaffected 5.4.229 - <= 5.4.*; +5 more versions |