Security readout for executives and security teams
Plain-English summary
CVE-2023-54142 is a Linux kernel memory-safety bug in the GTP network driver. The public record shows a use-after-free found by syzkaller during GTP device teardown. Business urgency depends on whether affected kernels run with GTP functionality available or used.
Executive priority
Treat this as targeted kernel hygiene unless your environment uses Linux GTP networking. For GTP-dependent systems, prioritize vendor kernel updates because memory-safety faults in kernel networking can carry higher operational risk.
Technical view
The flaw is in __gtp_encap_destroy()/gtp_encap_disable. A previous locking change calls release_sock() after sock_put() may drop the last socket reference, causing later access to freed sk memory during GTP netdevice deletion.
Likely exposure
Exposure is most relevant for Linux systems running affected kernel versions with the GTP driver or GTP netdevices in use. The bundle does not provide CPEs, distribution package mappings, or configuration prerequisites beyond the Linux GTP code path.
Exploitation context
The source evidence is a syzkaller KASAN report, not observed exploitation. The CVE is not marked KEV. The bundle does not establish remote reachability, required privileges, practical exploitability, or impact beyond use-after-free behavior.
Researcher notes
The strongest evidence is the kernel commit narrative and syzkaller trace. The record lacks CVSS, CWE, exploit details, and distribution status. Avoid assuming exploitability; focus validation on kernel lineage and whether GTP teardown paths are reachable.
Mitigation direction
Inventory Linux kernel versions on systems that may use GTP networking.
Check vendor kernel advisories and distribution backports for CVE-2023-54142 coverage.
Apply kernel updates containing the listed stable fixes where applicable.
Prioritize hosts with GTP devices, GTP modules, or telecom packet-core roles.
If patch status is unclear, request vendor guidance for your exact kernel build.
Validation and detection
Confirm whether the running kernel includes a listed stable fix commit or vendor backport.
Check whether the gtp module is present, loaded, or built into the kernel.
Identify configured GTP netdevices on potentially exposed hosts.
Review kernel package changelogs for CVE-2023-54142 or the referenced commit titles.
Document systems where kernel lineage cannot be mapped to fixed builds.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-54142 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
10Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 24, 2025, 13:06 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.