Main Vulnerability Database SB20251230156

SB20251230156 - Use-after-free in Linux kernel ethernet cadence driver

Published: December 30, 2025 Updated: December 31, 2025

Security Bulletin ID SB20251230156

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2023-54257)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macb_get_addr() function in drivers/net/ethernet/cadence/macb_main.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/1bec9da233f779e7b6954ee07ad7e6d8f2a4dd83
https://git.kernel.org/stable/c/5dcf3a6843d0d7cc76960fbe8511d425f217744c
https://git.kernel.org/stable/c/7169d1638824c4bf7e0fe0baad381ddec861fa70
https://git.kernel.org/stable/c/7ccc58a1a75601c936069d4a0741940623990ade
https://git.kernel.org/stable/c/82e626af24683e01211abe66cec27a387f8f17c9
https://git.kernel.org/stable/c/9412a9bf5952cdf5d0f736cc1e8c68fd366c2d47
https://git.kernel.org/stable/c/dd7a49a3eaf723a01b2fdf153f98450a82b0b0fe
https://git.kernel.org/stable/c/e8b74453555872851bdd7ea43a7c0ec39659834f
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.313
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.281
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.178
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.108
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.241
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.25
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3