{"api_version":"1","generated_at":"2026-06-22T20:26:04+00:00","cve":"CVE-2023-54129","urls":{"html":"https://cve.report/CVE-2023-54129","api":"https://cve.report/api/cve/CVE-2023-54129.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-54129","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-54129"},"summary":{"title":"octeontx2-af: Add validation for lmac type","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation for lmac type\n\nUpon physical link change, firmware reports to the kernel about the\nchange along with the details like speed, lmac_type_id, etc.\nKernel derives lmac_type based on lmac_type_id received from firmware.\n\nIn a few scenarios, firmware returns an invalid lmac_type_id, which\nis resulting in below kernel panic. This patch adds the missing\nvalidation of the lmac_type_id field.\n\nInternal error: Oops: 96000005 [#1] PREEMPT SMP\n[   35.321595] Modules linked in:\n[   35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted\n5.4.210-g2e3169d8e1bc-dirty #17\n[   35.337014] Hardware name: Marvell CN103XX board (DT)\n[   35.344297] Workqueue: events work_for_cpu_fn\n[   35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO)\n[   35.360267] pc : strncpy+0x10/0x30\n[   35.366595] lr : cgx_link_change_handler+0x90/0x180","state":"PUBLISHED","assigner":"Linux","published_at":"2025-12-24 13:16:14","updated_at":"2026-06-19 13:16:19"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/afd7660c766c4d317feae004e5cd829390bbc4b0","name":"https://git.kernel.org/stable/c/afd7660c766c4d317feae004e5cd829390bbc4b0","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/5c0268b141ad612b6fca13d3a66cfda111716dbb","name":"https://git.kernel.org/stable/c/5c0268b141ad612b6fca13d3a66cfda111716dbb","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4392454c694b13d78c84165c0964729772cd3b73","name":"https://git.kernel.org/stable/c/4392454c694b13d78c84165c0964729772cd3b73","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/83a7f27c5b94e43f29f8216a32790751139aa61e","name":"https://git.kernel.org/stable/c/83a7f27c5b94e43f29f8216a32790751139aa61e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/cb5edce271764524b88b1a6866b3e626686d9a33","name":"https://git.kernel.org/stable/c/cb5edce271764524b88b1a6866b3e626686d9a33","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-54129","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-54129","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 61071a871ea6eb2125ece91c1a0dbb124a318c8a 4392454c694b13d78c84165c0964729772cd3b73 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 61071a871ea6eb2125ece91c1a0dbb124a318c8a 83a7f27c5b94e43f29f8216a32790751139aa61e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 61071a871ea6eb2125ece91c1a0dbb124a318c8a afd7660c766c4d317feae004e5cd829390bbc4b0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 61071a871ea6eb2125ece91c1a0dbb124a318c8a 5c0268b141ad612b6fca13d3a66cfda111716dbb git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 61071a871ea6eb2125ece91c1a0dbb124a318c8a cb5edce271764524b88b1a6866b3e626686d9a33 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.20","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.20 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.259 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.32 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.2.16 6.2.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.3.3 6.3.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.4 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2023","cve_id":"54129","cve":"CVE-2023-54129","epss":"0.001680000","percentile":"0.063440000","score_date":"2026-06-21","updated_at":"2026-06-22 00:08:33"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/ethernet/marvell/octeontx2/af/cgx.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"4392454c694b13d78c84165c0964729772cd3b73","status":"affected","version":"61071a871ea6eb2125ece91c1a0dbb124a318c8a","versionType":"git"},{"lessThan":"83a7f27c5b94e43f29f8216a32790751139aa61e","status":"affected","version":"61071a871ea6eb2125ece91c1a0dbb124a318c8a","versionType":"git"},{"lessThan":"afd7660c766c4d317feae004e5cd829390bbc4b0","status":"affected","version":"61071a871ea6eb2125ece91c1a0dbb124a318c8a","versionType":"git"},{"lessThan":"5c0268b141ad612b6fca13d3a66cfda111716dbb","status":"affected","version":"61071a871ea6eb2125ece91c1a0dbb124a318c8a","versionType":"git"},{"lessThan":"cb5edce271764524b88b1a6866b3e626686d9a33","status":"affected","version":"61071a871ea6eb2125ece91c1a0dbb124a318c8a","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/net/ethernet/marvell/octeontx2/af/cgx.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"4.20"},{"lessThan":"4.20","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.259","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.32","versionType":"semver"},{"lessThanOrEqual":"6.2.*","status":"unaffected","version":"6.2.16","versionType":"semver"},{"lessThanOrEqual":"6.3.*","status":"unaffected","version":"6.3.3","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.4","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.259","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.32","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.16","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.3.3","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.4","versionStartIncluding":"4.20","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation for lmac type\n\nUpon physical link change, firmware reports to the kernel about the\nchange along with the details like speed, lmac_type_id, etc.\nKernel derives lmac_type based on lmac_type_id received from firmware.\n\nIn a few scenarios, firmware returns an invalid lmac_type_id, which\nis resulting in below kernel panic. This patch adds the missing\nvalidation of the lmac_type_id field.\n\nInternal error: Oops: 96000005 [#1] PREEMPT SMP\n[   35.321595] Modules linked in:\n[   35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted\n5.4.210-g2e3169d8e1bc-dirty #17\n[   35.337014] Hardware name: Marvell CN103XX board (DT)\n[   35.344297] Workqueue: events work_for_cpu_fn\n[   35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO)\n[   35.360267] pc : strncpy+0x10/0x30\n[   35.366595] lr : cgx_link_change_handler+0x90/0x180"}],"providerMetadata":{"dateUpdated":"2026-06-19T11:57:08.618Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/4392454c694b13d78c84165c0964729772cd3b73"},{"url":"https://git.kernel.org/stable/c/83a7f27c5b94e43f29f8216a32790751139aa61e"},{"url":"https://git.kernel.org/stable/c/afd7660c766c4d317feae004e5cd829390bbc4b0"},{"url":"https://git.kernel.org/stable/c/5c0268b141ad612b6fca13d3a66cfda111716dbb"},{"url":"https://git.kernel.org/stable/c/cb5edce271764524b88b1a6866b3e626686d9a33"}],"title":"octeontx2-af: Add validation for lmac type","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2023-54129","datePublished":"2025-12-24T13:06:46.817Z","dateReserved":"2025-12-24T13:02:52.521Z","dateUpdated":"2026-06-19T11:57:08.618Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-12-24 13:16:14","lastModifiedDate":"2026-06-19 13:16:19","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"54129","Ordinal":"1","Title":"octeontx2-af: Add validation for lmac type","CVE":"CVE-2023-54129","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"54129","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation for lmac type\n\nUpon physical link change, firmware reports to the kernel about the\nchange along with the details like speed, lmac_type_id, etc.\nKernel derives lmac_type based on lmac_type_id received from firmware.\n\nIn a few scenarios, firmware returns an invalid lmac_type_id, which\nis resulting in below kernel panic. This patch adds the missing\nvalidation of the lmac_type_id field.\n\nInternal error: Oops: 96000005 [#1] PREEMPT SMP\n[   35.321595] Modules linked in:\n[   35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted\n5.4.210-g2e3169d8e1bc-dirty #17\n[   35.337014] Hardware name: Marvell CN103XX board (DT)\n[   35.344297] Workqueue: events work_for_cpu_fn\n[   35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO)\n[   35.360267] pc : strncpy+0x10/0x30\n[   35.366595] lr : cgx_link_change_handler+0x90/0x180","Type":"Description","Title":"octeontx2-af: Add validation for lmac type"}]}}}