Improper Input Validation Affecting kernel-debug-modules-core package, versions <0:5.14.0-362.8.1.el9_3


Severity

Recommended
high

Based on CentOS security rating.

Threat Intelligence

EPSS
0.17% (7th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS9-KERNELDEBUGMODULESCORE-14650461
  • published25 Dec 2025
  • disclosed24 Dec 2025

Introduced: 24 Dec 2025

CVE-2023-54129  (opens in a new tab)
CWE-20  (opens in a new tab)

How to fix?

Upgrade Centos:9 kernel-debug-modules-core to version 0:5.14.0-362.8.1.el9_3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-debug-modules-core package and not the kernel-debug-modules-core package as distributed by Centos. See How to fix? for Centos:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

octeontx2-af: Add validation for lmac type

Upon physical link change, firmware reports to the kernel about the change along with the details like speed, lmac_type_id, etc. Kernel derives lmac_type based on lmac_type_id received from firmware.

In a few scenarios, firmware returns an invalid lmac_type_id, which is resulting in below kernel panic. This patch adds the missing validation of the lmac_type_id field.

Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 35.321595] Modules linked in: [ 35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted 5.4.210-g2e3169d8e1bc-dirty #17 [ 35.337014] Hardware name: Marvell CN103XX board (DT) [ 35.344297] Workqueue: events work_for_cpu_fn [ 35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO) [ 35.360267] pc : strncpy+0x10/0x30 [ 35.366595] lr : cgx_link_change_handler+0x90/0x180

CVSS Base Scores

version 3.1