DEBIAN-CVE-2023-54247

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-54247

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54247.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54247

Upstream

CVE-2023-54247

Published

2025-12-30T13:16:13.327Z

Modified

2026-01-05T18:01:19.016476Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: bpf: Silence a warning in btftypeidsize() syzbot reported a warning in [1] with the following stacktrace: WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btftypeidsize+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... RIP: 0010:btftypeidsize+0x2d9/0x9d0 kernel/bpf/btf.c:1988 ... Call Trace: <TASK> mapcheckbtf kernel/bpf/syscall.c:1024 [inline] mapcreate+0x1157/0x1860 kernel/bpf/syscall.c:1198 __sys_bpf+0x127f/0x5420 kernel/bpf/syscall.c:5040 __dosysbpf kernel/bpf/syscall.c:5162 [inline] __sesysbpf kernel/bpf/syscall.c:5160 [inline] __x64sysbpf+0x79/0xc0 kernel/bpf/syscall.c:5160 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x39/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x63/0xcd With the following btf [1] DECLTAG 'a' typeid=4 componentidx=-1 [2] PTR '(anon)' typeid=0 [3] TYPETAG 'a' typeid=2 [4] VAR 'a' typeid=3, linkage=static and when the bpfattr.btfkeytypeid = 1 (DECLTAG), the following WARNONONCE in btftypeidsize() is triggered: if (WARNONONCE(!btftypeismodifier(sizetype) && !btftypeisvar(sizetype))) return NULL; Note that 'return NULL' is the correct behavior as we don't want a DECLTAG type to be used as a btf{key,value}typeid even for the case like 'DECLTAG -> STRUCT'. So there is no correctness issue here, we just want to silence warning. To silence the warning, I added DECLTAG as one of kinds in btftypenosize() which will cause btftypeidsize() returning NULL earlier without the warning. [1] https://lore.kernel.org/bpf/000000000000e0df8d05fc75ba86@google.com/

References

https://security-tracker.debian.org/tracker/CVE-2023-54247

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.112-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

6.1.52-1

6.1.55-1~bpo11+1

6.1.55-1

6.1.64-1

6.1.66-1

6.1.67-1

6.1.69-1~bpo11+1

6.1.69-1

6.1.76-1~bpo11+1

6.1.76-1

6.1.82-1

6.1.85-1

6.1.90-1~bpo11+1

6.1.90-1

6.1.94-1~bpo11+1

6.1.94-1

6.1.98-1

6.1.99-1

6.1.106-1

6.1.106-2

6.1.106-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54247.json"

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54247.json"

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54247.json"