CVE-2023-54114 Affecting kernel-rt-64k-modules-partner package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CENTOS9-KERNELRT64KMODULESPARTNER-14659216
- published25 Dec 2025
- disclosed24 Dec 2025
Introduced: 24 Dec 2025
NewCVE-2023-54114 (opens in a new tab)How to fix?
There is no fixed version for Centos:9 kernel-rt-64k-modules-partner.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt-64k-modules-partner package and not the kernel-rt-64k-modules-partner package as distributed by Centos.
See How to fix? for Centos:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
As the call trace shows, skb_panic was caused by wrong skb->mac_header in nsh_gso_segment():
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 PID: 2737 Comm: syz Not tainted 6.3.0-next-20230505 #1 RIP: 0010:skb_panic+0xda/0xe0 call Trace: skb_push+0x91/0xa0 nsh_gso_segment+0x4f3/0x570 skb_mac_gso_segment+0x19e/0x270 __skb_gso_segment+0x1e8/0x3c0 validate_xmit_skb+0x452/0x890 validate_xmit_skb_list+0x99/0xd0 sch_direct_xmit+0x294/0x7c0 __dev_queue_xmit+0x16f0/0x1d70 packet_xmit+0x185/0x210 packet_snd+0xc15/0x1170 packet_sendmsg+0x7b/0xa0 sock_sendmsg+0x14f/0x160
The root cause is: nsh_gso_segment() use skb->network_header - nhoff to reset mac_header in skb_gso_error_unwind() if inner-layer protocol gso fails. However, skb->network_header may be reset by inner-layer protocol gso function e.g. mpls_gso_segment. skb->mac_header reset by the inaccurate network_header will be larger than skb headroom.
nsh_gso_segment nhoff = skb->network_header - skb->mac_header; __skb_pull(skb,nsh_len) skb_mac_gso_segment mpls_gso_segment skb_reset_network_header(skb);//skb->network_header+=nsh_len return -EINVAL; skb_gso_error_unwind skb_push(skb, nsh_len); skb->mac_header = skb->network_header - nhoff; // skb->mac_header > skb->headroom, cause skb_push panic
Use correct mac_offset to restore mac_header and get rid of nhoff.
References
- https://access.redhat.com/security/cve/CVE-2023-54114
- https://git.kernel.org/stable/c/02b20e0bc0c2628539e9e518dc342787c3332de2
- https://git.kernel.org/stable/c/2f88c8d38ecf5ed0273f99a067246899ba499eb2
- https://git.kernel.org/stable/c/435855b0831b351cb72cb38369ee33122ce9574c
- https://git.kernel.org/stable/c/6fbedf987b6b8ed54a50e2205d998eb2c8be72f9
- https://git.kernel.org/stable/c/c83b49383b595be50647f0c764a48c78b5f3c4f8
- https://git.kernel.org/stable/c/cb38e62922aa3991793344b5a5870e7291c74a44
- https://git.kernel.org/stable/c/cdd8160dcda1fed2028a5f96575a84afc23aff7d
- https://git.kernel.org/stable/c/d2309e0cb27b6871b273fbc1725e93be62570d86