CVE-2023-53142 in Linux
Summary
by MITRE • 05/02/2025
In the Linux kernel, the following vulnerability has been resolved:
ice: copy last block omitted in ice_get_module_eeprom()
ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice: Reimplement module reads used by ethtool"). In this refactor, ice_get_module_eeprom() reads the eeprom in blocks of size 8. But the condition that should protect the buffer overflow ignores the last block. The last block always contains zeros.
Bug uncovered by ethtool upstream commit 9538f384b535 ("netlink: eeprom: Defer page requests to individual parsers"). After this commit, ethtool reads a block with length = 1; to read the SFF-8024 identifier value.
unpatched driver:
$ ethtool -m enp65s0f0np0 offset 0x90 length 8
Offset          Values
------          ------
0x0090:         00 00 00 00 00 00 00 00
$ ethtool -m enp65s0f0np0 offset 0x90 length 12
Offset          Values
------          ------
0x0090:         00 00 01 a0 4d 65 6c 6c 00 00 00 00
$
$ ethtool -m enp65s0f0np0
Offset          Values
------          ------
0x0000:         11 06 06 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0010:         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0020:         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0030:         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0040:         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0050:         00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0060:         00 00 00 00 00 00 00 00 00 00 00 00 00 01 08 00
0x0070:         00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00
patched driver:
$ ethtool -m enp65s0f0np0 offset 0x90 length 8
Offset          Values
------          ------
0x0090:         00 00 01 a0 4d 65 6c 6c
$ ethtool -m enp65s0f0np0 offset 0x90 length 12
Offset          Values
------          ------
0x0090:         00 00 01 a0 4d 65 6c 6c 61 6e 6f 78
$ ethtool -m enp65s0f0np0
Identifier : 0x11 (QSFP28)
Extended identifier : 0x00
Extended identifier description : 1.5W max. Power consumption
Extended identifier description : No CDR in TX, No CDR in RX
Extended identifier description : High Power Class (> 3.5 W) not enabled
Connector : 0x23 (No separable connector)
Transceiver codes : 0x88 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Transceiver type : 40G Ethernet: 40G Base-CR4
Transceiver type : 25G Ethernet: 25G Base-CR CA-N
Encoding : 0x05 (64B/66B)
BR, Nominal : 25500Mbps
Rate identifier : 0x00
Length (SMF,km) : 0km
Length (OM3 50um) : 0m
Length (OM2 50um) : 0m
Length (OM1 62.5um) : 0m
Length (Copper or Active cable) : 1m
Transmitter technology : 0xa0 (Copper cable unequalized)
Attenuation at 2.5GHz : 4db
Attenuation at 5.0GHz : 5db
Attenuation at 7.0GHz : 7db
Attenuation at 12.9GHz : 10db
........
....
Analysis
by VulDB Data Team • 01/31/2026
The vulnerability CVE-2023-53142 affects the Linux kernel's ice driver, which manages Intel Ethernet network adapters. The issue stems from a flawed implementation of the ice_get_module_eeprom() function that was introduced by the refactoring commit e9c9692c8a81. The function reads EEPROM data in blocks of eight bytes but contains a boundary condition that fails to account for the final block, causing it to always return zero-filled data for that last segment. The bug manifests when ethtool attempts to read specific EEPROM regions, particularly at offset 0x90, where the last block of data becomes corrupted or missing.
The technical flaw occurs in the buffer management logic of the ice_get_module_eeprom() function, which follows a block-based read pattern but incorrectly handles the edge case where the final block size is less than the configured block size of eight bytes. As a result, the check intended to protect against a buffer overflow fails to handle the last block, which is returned as zeros instead of actual EEPROM content. The vulnerability specifically impacts the SFF-8024 identifier reading functionality that was later modified by upstream ethtool commit 9538f384b535, which introduced deferred page requests that expose this boundary condition.
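A user-space model of the block copy, added here as an illustration and not taken from the ice driver source. The room check in copy_flawed is an assumed condition, chosen because it reproduces the unpatched ethtool output in the summary (an 8-byte read returns zeros, a 12-byte read loses its last 4 bytes); read_block, copy_flawed, copy_bounded and byte_at are hypothetical names, and the sample bytes are the ones the patched driver shows at offset 0x90.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 8 /* block size given in the summary */

/* Constructed sample: the 12 bytes the patched driver reports at offset 0x90. */
static const uint8_t sample[12] = { 0x00, 0x00, 0x01, 0xa0, 0x4d, 0x65,
                                    0x6c, 0x6c, 0x61, 0x6e, 0x6f, 0x78 };

/* Hypothetical stand-in for the module read: always fills one whole block. */
static void read_block(uint32_t off, uint8_t out[BLOCK]) {
    for (uint32_t k = 0; k < BLOCK; k++)
        out[k] = (off + k < sizeof(sample)) ? sample[off + k] : 0;
}

/* Assumed model of the flaw: the room check is never true for the final block. */
void copy_flawed(uint8_t *data, uint32_t len) {
    uint8_t value[BLOCK];
    for (uint32_t i = 0; i < len; i += BLOCK) {
        read_block(i, value);
        if (i + BLOCK < len) /* strict '<' skips the block that ends at len */
            memcpy(data + i, value, BLOCK);
    }
}

/* Bounded copy: clamp to the room left in the caller's buffer, keep the last block. */
void copy_bounded(uint8_t *data, uint32_t len) {
    uint8_t value[BLOCK];
    for (uint32_t i = 0; i < len; i += BLOCK) {
        uint32_t n = (len - i < BLOCK) ? len - i : BLOCK;
        read_block(i, value);
        memcpy(data + i, value, n);
    }
}

/* Byte idx of a len-byte read into a zeroed buffer; -1 if out of range. */
int byte_at(int bounded, uint32_t len, uint32_t idx) {
    uint8_t buf[16] = { 0 };
    if (len > sizeof(buf) || idx >= len) return -1;
    if (bounded) copy_bounded(buf, len); else copy_flawed(buf, len);
    return buf[idx];
}

int main(void) {
    printf("len 8,  byte 3: flawed=%02x bounded=%02x\n", byte_at(0, 8, 3), byte_at(1, 8, 3));
    printf("len 12, byte 8: flawed=%02x bounded=%02x\n", byte_at(0, 12, 8), byte_at(1, 12, 8));
    return 0;
}
```

Both copies stay inside the caller's buffer; only the bounded one does so without discarding data, which is the property a regression test for this kind of loop should check at lengths that are and are not multiples of the block size.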
The operational impact of this vulnerability is significant for system administrators and network operators who rely on accurate EEPROM data for hardware identification and configuration. When ethtool reads EEPROM data, particularly at specific offsets like 0x90, it receives incorrect zero-filled data instead of the actual module information, leading to misidentification of network hardware components. This affects critical network management operations such as identifying transceiver types, power consumption specifications, and physical layer capabilities that are essential for proper network configuration and troubleshooting. The vulnerability essentially masks legitimate hardware information, potentially leading to incorrect network topology decisions or failed hardware compatibility checks.
The mitigation for this vulnerability involves applying the official kernel patch that corrects the boundary condition in the ice_get_module_eeprom() function. The fix ensures that all blocks, including the final partial block, are properly handled and returned with their correct data content. This patch addresses the underlying buffer management issue by correctly calculating the number of bytes to read for the final block and preventing the zero-padding behavior. Organizations should update their Linux kernel versions to include this fix, particularly those running systems with Intel Ethernet adapters that utilize the ice driver for network management operations. The vulnerability aligns with CWE-129, which addresses improper validation of array indices, and could be leveraged by attackers to obscure network hardware information, potentially aiding in more sophisticated network reconnaissance activities. This issue demonstrates the importance of proper boundary condition handling in kernel-level drivers where incorrect buffer management can lead to data corruption and system misconfiguration.
The vulnerability demonstrates a classic case of incomplete boundary checking in kernel driver code, where the refactoring process introduced a logic flaw that was not properly validated against edge cases. The patch addresses the core issue by ensuring that when reading EEPROM data in blocks, the final block is properly handled regardless of its size relative to the configured block length. This correction maintains the intended functionality of reading module EEPROM data while preventing the data corruption that occurred with the zero-padding behavior. Network administrators should prioritize applying this update to maintain accurate hardware identification and prevent potential operational issues arising from incorrect EEPROM data being presented by ethtool and other management tools. The fix ensures that the ice driver correctly implements the SFF-8024 specification requirements for EEPROM data access, restoring proper functionality for network hardware management and configuration tasks.