CVE-2023-54129: octeontx2-af: Add validation for lmac type
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-af: Add validation for lmac type
Upon physical link change, firmware reports to the kernel about the
change along with the details like speed, lmac_type_id, etc.
Kernel derives lmac_type based on lmac_type_id received from firmware.
In a few scenarios, firmware returns an invalid lmac_type_id, which
is resulting in below kernel panic. This patch adds the missing
validation of the lmac_type_id field.
Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 35.321595] Modules linked in:
[ 35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted
5.4.210-g2e3169d8e1bc-dirty #17
[ 35.337014] Hardware name: Marvell CN103XX board (DT)
[ 35.344297] Workqueue: events work_for_cpu_fn
[ 35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO)
[ 35.360267] pc : strncpy+0x10/0x30
[ 35.366595] lr : cgx_link_change_handler+0x90/0x180
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue can crash affected systems when specific Marvell network hardware reports an invalid link-type value during a physical link change. The known impact is availability loss from a kernel panic, not data theft or privilege escalation based on the supplied sources.
Executive priority
Handle as a targeted availability risk for specialized Linux network platforms. It deserves timely patch planning where the hardware is present, but the supplied evidence does not support emergency internet-wide response.
Technical view
The octeontx2-af driver derived lmac_type from firmware-provided lmac_type_id without sufficient validation. In some firmware scenarios, an invalid lmac_type_id reached cgx_link_change_handler and triggered a kernel Oops in strncpy. Stable kernel commits add validation for the lmac_type_id field.
Likely exposure
Exposure appears limited to Linux systems using the octeontx2-af driver on Marvell OcteonTX2/CN103XX-class hardware where firmware can report invalid lmac_type_id values during physical link changes.
Exploitation context
The source bundle does not show active exploitation, public exploit activity, or CISA KEV listing. The described trigger is a firmware-reported invalid field during link change, so treat this primarily as a stability and availability risk.
Researcher notes
The evidence identifies a missing bounds or validity check in a hardware-specific kernel driver path. No CVSS, CWE, exploit status, or broad affected-product mapping is supplied, so exposure assessment should stay hardware- and kernel-version-specific.
Mitigation direction
Review vendor and Linux stable kernel guidance for applicable fixed builds.
Prioritize updates on Marvell OcteonTX2/CN103XX systems running affected kernels.
Coordinate kernel updates with appliance, firmware, or platform vendors.
Monitor affected hosts for kernel Oops or panic events after link changes.
Validation and detection
Inventory systems for Marvell OcteonTX2/CN103XX hardware and octeontx2-af usage.
Confirm running kernel versions against the cited affected and fixed stable references.
Check kernel logs for cgx_link_change_handler, strncpy, Oops, or panic messages.
Verify the deployed kernel includes lmac_type_id validation from the referenced commits.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-54129 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
6Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 24, 2025, 13:06 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.