VYPR
Unrated severity · NVD Advisory · Published Dec 30, 2025 · Updated Apr 15, 2026

CVE-2023-54312

Description

In the Linux kernel, the following vulnerability has been resolved:

samples/bpf: Fix buffer overflow in tcp_basertt

Using sizeof(nv) or strlen(nv)+1 is correct.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in the Linux kernel's tcp_basertt BPF sample is fixed by correcting a sizeof/strlen usage.

Vulnerability

A buffer overflow vulnerability exists in the tcp_basertt BPF sample program within the Linux kernel. The root cause is a buffer length that does not match the size of nv; the fix description gives sizeof(nv) or strlen(nv)+1 as the correct length. The mismatch leads to a potential out-of-bounds write [1].
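An added example (not code from the kernel tree or from this page) of the length rule in the description: for a NUL-terminated char array, sizeof(nv) and strlen(nv)+1 are equal, a shorter length turns the comparison into a prefix match, and a longer one reaches past the object. The declarations of nv and cong, the helper names and the -2 return code are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: the page only names `nv`; these declarations are assumed. */
static const char nv[] = "nv";   /* array: sizeof(nv) == strlen(nv) + 1 == 3 */
static char cong[20];            /* hypothetical buffer holding the name to compare */

/* Compare n bytes only if n fits inside both objects; -2 signals a rejected length. */
static int checked_cmp(const void *a, size_t a_cap,
                       const void *b, size_t b_cap, size_t n)
{
    if (n > a_cap || n > b_cap)
        return -2;               /* would touch memory past one of the objects */
    return memcmp(a, b, n) != 0; /* 0 = equal, 1 = different */
}

/* Both lengths the fix description calls correct, for an array operand. */
static size_t len_sizeof(void) { return sizeof(nv); }
static size_t len_strlen(void) { return strlen(nv) + 1; }

/* Pitfall: once nv decays to a pointer, sizeof measures the pointer, not the string. */
static size_t len_via_pointer(const char *p) { return sizeof(p); }

/* Copy a constructed name into cong and compare n bytes of it against nv. */
static int match_with_len(const char *name, size_t n)
{
    memset(cong, 0, sizeof(cong));
    strncpy(cong, name, sizeof(cong) - 1);
    return checked_cmp(cong, sizeof(cong), nv, sizeof(nv), n);
}

int main(void)
{
    printf("sizeof(nv)=%zu strlen(nv)+1=%zu\n", len_sizeof(), len_strlen());
    printf("\"nv\",  n=sizeof(nv):   %d\n", match_with_len("nv", sizeof(nv)));
    printf("\"nvx\", n=sizeof(nv):   %d\n", match_with_len("nvx", sizeof(nv)));
    printf("\"nvx\", n=strlen(nv):   %d\n", match_with_len("nvx", strlen(nv)));
    printf("\"nv\",  n=sizeof(nv)+1: %d\n", match_with_len("nv", sizeof(nv) + 1));
    return 0;
}
```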

Exploitation

The vulnerability is present in a sample BPF program, which may be used as a reference or included in custom builds. An attacker with the ability to trigger the sample program's execution (e.g., by loading and running the BPF program) could exploit the overflow. No special privileges beyond those needed to load BPF programs are required, but the attack surface is limited to systems where the sample is compiled and run [2].

Impact

Successful exploitation could allow an attacker to corrupt adjacent memory, potentially leading to a denial of service or, in some cases, arbitrary code execution within the kernel context. The exact impact depends on the memory layout and the data written beyond the buffer boundary [3].

Mitigation

The fix has been applied in the Linux kernel stable tree via commits that correct the buffer size calculation. Users are advised to update to a kernel version containing the fix, or to avoid using the vulnerable sample program if a patch cannot be applied immediately [4].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 8

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 8
