{
  "threat_severity" : "Low",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service due to incorrect network packet processing in NSH module",
    "id" : "2425196",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425196"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-253",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnet: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()\nAs the call trace shows, skb_panic was caused by wrong skb->mac_header\nin nsh_gso_segment():\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 3 PID: 2737 Comm: syz Not tainted 6.3.0-next-20230505 #1\nRIP: 0010:skb_panic+0xda/0xe0\ncall Trace:\nskb_push+0x91/0xa0\nnsh_gso_segment+0x4f3/0x570\nskb_mac_gso_segment+0x19e/0x270\n__skb_gso_segment+0x1e8/0x3c0\nvalidate_xmit_skb+0x452/0x890\nvalidate_xmit_skb_list+0x99/0xd0\nsch_direct_xmit+0x294/0x7c0\n__dev_queue_xmit+0x16f0/0x1d70\npacket_xmit+0x185/0x210\npacket_snd+0xc15/0x1170\npacket_sendmsg+0x7b/0xa0\nsock_sendmsg+0x14f/0x160\nThe root cause is:\nnsh_gso_segment() use skb->network_header - nhoff to reset mac_header\nin skb_gso_error_unwind() if inner-layer protocol gso fails.\nHowever, skb->network_header may be reset by inner-layer protocol\ngso function e.g. mpls_gso_segment. skb->mac_header reset by the\ninaccurate network_header will be larger than skb headroom.\nnsh_gso_segment\nnhoff = skb->network_header - skb->mac_header;\n__skb_pull(skb,nsh_len)\nskb_mac_gso_segment\nmpls_gso_segment\nskb_reset_network_header(skb);//skb->network_header+=nsh_len\nreturn -EINVAL;\nskb_gso_error_unwind\nskb_push(skb, nsh_len);\nskb->mac_header = skb->network_header - nhoff;\n// skb->mac_header > skb->headroom, cause skb_push panic\nUse correct mac_offset to restore mac_header and get rid of nhoff.", "A flaw was found in the Linux kernel, specifically within its Network Service Header (NSH) module. A local attacker could exploit this vulnerability by sending specially crafted network packets, which would cause the system to crash. This issue, a type of Denial of Service (DoS), arises from an incorrect calculation during network packet processing, leading to a critical error in memory management." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-08-12T00:00:00Z",
    "advisory" : "RHBA-2024:5207",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "rhel8/flatpak-sdk:el8-8100020240123120116.1723092933"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-08-12T00:00:00Z",
    "advisory" : "RHBA-2024:5233",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "rhel8/gcc-toolset-13-toolchain:13-33.1723093710"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-08-08T00:00:00Z",
    "advisory" : "RHSA-2024:5101",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.16.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-06-11T00:00:00Z",
    "advisory" : "RHSA-2025:8796",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.72.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-54114\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-54114\nhttps://lore.kernel.org/linux-cve-announce/2025122414-CVE-2023-54114-8362@gregkh/T" ],
  "name" : "CVE-2023-54114",
  "csaw" : false
}