{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54110","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T13:02:52.518Z","datePublished":"2025-12-24T13:06:33.495Z","dateUpdated":"2026-05-11T19:55:40.163Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:55:40.163Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: rndis_host: Secure rndis_query check against int overflow\n\nVariables off and len typed as uint32 in rndis_query function\nare controlled by incoming RNDIS response message thus their\nvalue may be manipulated. Setting off to a unexpectetly large\nvalue will cause the sum with len and 8 to overflow and pass\nthe implemented validation step. Consequently the response\npointer will be referring to a location past the expected\nbuffer boundaries allowing information leakage e.g. via\nRNDIS_OID_802_3_PERMANENT_ADDRESS OID."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/usb/rndis_host.c"],"versions":[{"version":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d","lessThan":"55782f6d63a5a3dd3b84c1e0627738fc5b146b4e","status":"affected","versionType":"git"},{"version":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d","lessThan":"02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0","status":"affected","versionType":"git"},{"version":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d","lessThan":"ebe6d2fcf7835f98cdbb1bd5e0414be20c321578","status":"affected","versionType":"git"},{"version":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d","lessThan":"232ef345e5d76e5542f430a29658a85dbef07f0b","status":"affected","versionType":"git"},{"version":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d","lessThan":"11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95","status":"affected","versionType":"git"},{"version":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d","lessThan":"39eadaf5611ddd064ad1c53da65c02d2b0fe22a4","status":"affected","versionType":"git"},{"version":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d","lessThan":"a713602807f32afc04add331410c77ef790ef77a","status":"affected","versionType":"git"},{"version":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d","lessThan":"c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/usb/rndis_host.c"],"versions":[{"version":"2.6.22","status":"affected"},{"version":"0","lessThan":"2.6.22","status":"unaffected","versionType":"semver"},{"version":"4.14.303","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.270","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.229","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.87","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.19","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.5","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"4.14.303"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"4.19.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.4.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.10.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"5.15.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.0.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.1.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/55782f6d63a5a3dd3b84c1e0627738fc5b146b4e"},{"url":"https://git.kernel.org/stable/c/02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0"},{"url":"https://git.kernel.org/stable/c/ebe6d2fcf7835f98cdbb1bd5e0414be20c321578"},{"url":"https://git.kernel.org/stable/c/232ef345e5d76e5542f430a29658a85dbef07f0b"},{"url":"https://git.kernel.org/stable/c/11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95"},{"url":"https://git.kernel.org/stable/c/39eadaf5611ddd064ad1c53da65c02d2b0fe22a4"},{"url":"https://git.kernel.org/stable/c/a713602807f32afc04add331410c77ef790ef77a"},{"url":"https://git.kernel.org/stable/c/c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2"}],"title":"usb: rndis_host: Secure rndis_query check against int overflow","x_generator":{"engine":"bippy-1.2.0"}}}}