LiveActive security incident?Get immediate response
CVE Record

CVE-2023-53068: net: usb: lan78xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. Additionally prevent integer underflow when size is less than ETH_FCS_LEN.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2023-53068 is a Linux kernel information leak in the lan78xx USB Ethernet driver. A packet descriptor can claim more data than the socket buffer actually holds, causing kernel memory contents to be passed upward in network handling. The public bundle does not provide a CVSS score or exploitation evidence.

Executive priority

Prioritize normal kernel patch management, with faster handling for systems that use LAN78xx USB Ethernet. Current public evidence does not support emergency internet-wide action, but kernel memory disclosure bugs deserve timely remediation because exposed data may be sensitive.

Technical view

The lan78xx driver used a packet length from a descriptor without limiting it to skb->len. When the descriptor length exceeded the real buffer length, a cloned skb could expose adjacent kernel memory. The fix also prevents integer underflow when size is smaller than ETH_FCS_LEN.

Likely exposure

Exposure appears limited to Linux systems running affected kernel versions and using the lan78xx USB Ethernet driver. The bundle lists upstream stable fixes, but does not provide a complete distribution package matrix or hardware deployment scope.

Exploitation context

The source bundle says this is not in KEV and provides no cited evidence of active exploitation. It also does not include attacker prerequisites, proof-of-concept details, or observed abuse. Treat exploitation status as unproven from the provided sources.

Researcher notes

The key evidence is the upstream Linux fix description: descriptor packet length may exceed skb->len, leaking kernel memory through cloned skb handling. Severity metadata is incomplete, with no CVSS or CWE in the bundle. Validate exposure against actual driver use, not Linux presence alone.

Mitigation direction

  • Check Linux distribution advisories for kernels containing the upstream stable fixes.
  • Update affected Linux kernels through the normal vendor-supported channel.
  • Prioritize systems using LAN78xx USB Ethernet adapters or loading the lan78xx driver.
  • Track vendor backports because package versions may differ from upstream kernel versions.
  • If patching is delayed, follow vendor guidance for temporary exposure reduction.

Validation and detection

  • Inventory Linux hosts for affected kernel versions and lan78xx driver usage.
  • Confirm whether vendor kernel packages include the referenced stable commits.
  • Review asset data for USB Ethernet adapters relying on the LAN78xx chipset family.
  • Verify patched hosts no longer map to the affected upstream version range.
  • Document any systems awaiting vendor fixes or operational maintenance windows.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-53068 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux55d7de9de6c30adce8d675c7ce513e283829c2ff, 55d7de9de6c30adce8d675c7ce513e283829c2ff, 55d7de9de6c30adce8d675c7ce513e283829c2ffunaffected
LinuxLinux4.3, 0, 6.1.22, 6.2.9, 6.3affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.