DEBIAN-CVE-2023-54240

DEBIAN-CVE-2023-54240 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() rule_locs is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rule_locs to avoid NULL pointer dereference.

Affected Products

Vendor	Product	Versions
Debian:12	linux	6.1.55-1~bpo11+1, 6.1.52-1, 6.1.37-1
Debian:11	linux	5.10.179-5, 5.10.179-4, 5.10.178-3
Debian:13	linux	0, 0, 0
Debian:14	linux	0, 0, 0

Timeline

Dec 30, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-54240 advisory

Open in Interactive Console →