CVE-2023-52606

EPSS 0.01%
Veröffentlicht 06.03.2024 07:15:11
Zuletzt bearbeitet 14.02.2025 16:40:45
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

powerpc/lib: Validate size for vector operations

Some of the fp/vmx code in sstep.c assume a certain maximum size for the
instructions being emulated. The size of those operations however is
determined separately in analyse_instr().

Add a check to validate the assumption on the maximum size of the
operations, so as to prevent any unintended kernel stack corruption.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.19.307

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.269

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.210

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.149

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.77

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.16

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.018

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Patch

Mailing List

https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf

Patch

Mailing List

https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c

Patch

Mailing List

https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414

Patch

Mailing List