What is CVE-2023-54129?

CVE-2023-54129 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.20 onward and patched in 6.1.32, 6.2.16, 6.3.3 and others. CVE-2023-54129 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54129?

CVE-2023-54129 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54129?

Yes, CVE-2023-54129 has been patched. Fixed versions include 6.1.32, 6.2.16, 6.3.3 and others. If you are running Linux kernel 4.20 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54129 actively exploited?

CVE-2023-54129 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54129

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware reports to the kernel about the change along with the details like speed, lmac_type_id, etc. Kernel derives lmac_type based on lmac_type_id received from firmware. In a few scenarios, firmware returns an invalid lmac_type_id, which is resulting in below kernel panic. This patch adds the missing validation of the lmac_type_id field. Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 35.321595] Modules linked in: [ 35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted 5.4.210-g2e3169d8e1bc-dirty #17 [ 35.337014] Hardware name: Marvell CN103XX board (DT) [ 35.344297] Workqueue: events work_for_cpu_fn [ 35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO) [ 35.360267] pc : strncpy+0x10/0x30 [ 35.366595] lr : cgx_link_change_handler+0x90/0x180

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.20 and later are affected. Fixed in 6.1.32, 6.2.16, 6.3.3, 6.4 and their respective stable series.

Affected from

≥ 4.20

Fixed in

✓ 6.1.32 6.1.x ✓ 6.2.16 6.2.x ✓ 6.3.3 6.3.x ✓ 6.4

References

The following references provide additional information about CVE-2023-54129 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/5c0268b141ad612b6fca13d3a66cfda111716dbb
Patch
Kernel patch commit
https://git.kernel.org/stable/c/83a7f27c5b94e43f29f8216a32790751139aa61e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/afd7660c766c4d317feae004e5cd829390bbc4b0
Patch

4 patch commits total View all on NVD

Frequently asked questions

What is CVE-2023-54129?

CVE-2023-54129 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.20 onward and has been patched in 6.1.32, 6.2.16, 6.3.3 and others. CVE-2023-54129 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54129?

Yes — CVE-2023-54129 has been patched. Fixed versions include 6.1.32, 6.2.16, 6.3.3 and others. If you are running Linux kernel 4.20 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54129 actively exploited?

No — CVE-2023-54129 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.