CVE & CISA-KEV Catalog

CVE-2023-54039

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access In the j1939_tp_tx_dat_new() function, an out-of-bounds memory access could occur during the memcpy() operation if the size of skb->cb is larger than the size of struct j1939_sk_buff_cb. This is because the memcpy() operation uses the size of skb->cb, leading to a read beyond the struct j1939_sk_buff_cb. Updated the memcpy() operation to use the size of struct j1939_sk_buff_cb instead of the size of skb->cb. This ensures that the memcpy() operation only reads the memory within the bounds of struct j1939_sk_buff_cb, preventing out-of-bounds memory access. Additionally, add a BUILD_BUG_ON() to check that the size of skb->cb is greater than or equal to the size of struct j1939_sk_buff_cb. This ensures that the skb->cb buffer is large enough to hold the j1939_sk_buff_cb structure. [mkl: rephrase commit message]

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.178-1CVE-2023-54039
Fixed in:6.1.25-1CVE-2023-54039
Fixed in:6.1.25-1CVE-2023-54039
Fixed in:6.1.25-1CVE-2023-54039

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.16%probability of exploitation in 30 days
6thpercentile

Low risk: more likely to be exploited than 6% of all known CVEs.

References

Embed a live status badge for CVE-2023-54039
CVE-2023-54039 severity badge

Markdown

[![CVE-2023-54039](https://tridentstack.com/cve/badge/CVE-2023-54039.svg)](https://tridentstack.com/cve/CVE-2023-54039)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-54039"><img src="https://tridentstack.com/cve/badge/CVE-2023-54039.svg" alt="CVE-2023-54039"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-12-29.