CVE-2023-52807

EPSS 0.02%
Published 21.05.2024 16:15:19
Last modified 06.03.2025 12:53:53
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs

The hns3 driver define an array of string to show the coalesce
info, but if the kernel adds a new mode or a new state,
out-of-bounds access may occur when coalesce info is read via
debugfs, this patch fix the problem.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.64

Linux ≫ Linux Kernel Version >= 6.2 < 6.5.13

Linux ≫ Linux Kernel Version >= 6.6 < 6.6.3

Linux ≫ Linux Kernel Version6.7 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09

Patch

https://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3

Patch

https://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792

Patch

https://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52807

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52807

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52807

EUVD