{"id":"CVE-2023-54110","summary":"usb: rndis_host: Secure rndis_query check against int overflow","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: rndis_host: Secure rndis_query check against int overflow\n\nVariables off and len typed as uint32 in rndis_query function\nare controlled by incoming RNDIS response message thus their\nvalue may be manipulated. Setting off to an unexpectedly large\nvalue will cause the sum with len and 8 to overflow and pass\nthe implemented validation step. Consequently the response\npointer will be referring to a location past the expected\nbuffer boundaries allowing information leakage e.g. via\nRNDIS_OID_802_3_PERMANENT_ADDRESS OID.","modified":"2026-03-20T12:33:27.183141Z","published":"2025-12-24T13:06:33.495Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0350-1","SUSE-SU-2026:0352-1","SUSE-SU-2026:0369-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54110.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95"},{"type":"WEB","url":"https://git.kernel.org/stable/c/232ef345e5d76e5542f430a29658a85dbef07f0b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/39eadaf5611ddd064ad1c53da65c02d2b0fe22a4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/55782f6d63a5a3dd3b84c1e0627738fc5b146b4e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a713602807f32afc04add331410c77ef790ef77a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ebe6d2fcf7835f98cdbb1bd5e0414be20c321578"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54110.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54110"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ddda08624013e8435e9f7cfc34a35bd7b3520b6d"},{"fixed":"55782f6d63a5a3dd3b84c1e0627738fc5b146b4e"},{"fixed":"02ffb4ecf0614c58e3d0e5bfbe99588c9ddc77c0"},{"fixed":"ebe6d2fcf7835f98cdbb1bd5e0414be20c321578"},{"fixed":"232ef345e5d76e5542f430a29658a85dbef07f0b"},{"fixed":"11cd4ec6359d90b13ffb8f85a9df8637f0cf8d95"},{"fixed":"39eadaf5611ddd064ad1c53da65c02d2b0fe22a4"},{"fixed":"a713602807f32afc04add331410c77ef790ef77a"},{"fixed":"c7dd13805f8b8fc1ce3b6d40f6aff47e66b72ad2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54110.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.22"},{"fixed":"4.14.303"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.270"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.229"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.87"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.19"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54110.json"}}],"schema_version":"1.7.5"}