What is CVE-2023-54065?

CVE-2023-54065 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.18 onward and patched in 6.1.23, 6.2.10 and 6.3. CVE-2023-54065 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54065?

CVE-2023-54065 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54065?

Yes, CVE-2023-54065 has been patched. Fixed versions include 6.1.23, 6.2.10 and 6.3. If you are running Linux kernel 5.18 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54065 actively exploited?

CVE-2023-54065 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54065

In the Linux kernel, the following vulnerability has been resolved: net: dsa: realtek: fix out-of-bounds access The probe function sets priv->chip_data to (void *)priv + sizeof(*priv) with the expectation that priv has enough trailing space. However, only realtek-smi actually allocated this chip_data space. Do likewise in realtek-mdio to fix out-of-bounds accesses. These accesses likely went unnoticed so far, because of an (unused) buf[4096] member in struct realtek_priv, which caused kmalloc to round up the allocated buffer to a big enough size, so nothing of value was overwritten. With a different allocator (like in the barebox bootloader port of the driver) or with KASAN, the memory corruption becomes quickly apparent.

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.18 and later are affected. Fixed in 6.1.23, 6.2.10, 6.3 and their respective stable series.

Affected from

≥ 5.18

Fixed in

✓ 6.1.23 6.1.x ✓ 6.2.10 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2023-54065 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/b93eb564869321d0dffaf23fcc5c88112ed62466
Patch
Kernel patch commit
https://git.kernel.org/stable/c/cc0f9bb99735d2b68fac68f37b585d615728ce5b
Patch
Kernel patch commit
https://git.kernel.org/stable/c/fe668aa499b4b95425044ba11af9609db6ecf466
Patch

Frequently asked questions

What is CVE-2023-54065?

CVE-2023-54065 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.18 onward and has been patched in 6.1.23, 6.2.10 and 6.3. CVE-2023-54065 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54065?

Yes — CVE-2023-54065 has been patched. Fixed versions include 6.1.23, 6.2.10 and 6.3. If you are running Linux kernel 5.18 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54065 actively exploited?

No — CVE-2023-54065 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.