U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2023-54039 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access In the j1939_tp_tx_dat_new() function, an out-of-bounds memory access could occur during the memcpy() operation if the size of skb->cb is larger than the size of struct j1939_sk_buff_cb. This is because the memcpy() operation uses the size of skb->cb, leading to a read beyond the struct j1939_sk_buff_cb. Updated the memcpy() operation to use the size of struct j1939_sk_buff_cb instead of the size of skb->cb. This ensures that the memcpy() operation only reads the memory within the bounds of struct j1939_sk_buff_cb, preventing out-of-bounds memory access. Additionally, add a BUILD_BUG_ON() to check that the size of skb->cb is greater than or equal to the size of struct j1939_sk_buff_cb. This ensures that the skb->cb buffer is large enough to hold the j1939_sk_buff_cb structure. [mkl: rephrase commit message]


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/36befc9aed6202b4a9b906529aea13eacd7e34ff kernel.org
https://git.kernel.org/stable/c/4c3fb22a6ec68258ee129a2e6b720f43dffc562f kernel.org
https://git.kernel.org/stable/c/4fe1d9b6231a68ffc91318f57fd8e4982f028cf7 kernel.org
https://git.kernel.org/stable/c/70caa596d158a5d84b117f722d58f3ea503a5ba9 kernel.org
https://git.kernel.org/stable/c/b45193cb4df556fe6251b285a5ce44046dd36b4a kernel.org
https://git.kernel.org/stable/c/d2136f05690c272dfc9f9d6efcc51d5f53494b33 kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2023-54039
NVD Published Date:
12/24/2025
NVD Last Modified:
12/24/2025
Source:
kernel.org