CVE-2023-52812

EPSS 0.02%
Veröffentlicht 21.05.2024 16:15:19
Zuletzt bearbeitet 25.11.2025 17:26:19
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

drm/amd: check num of link levels when update pcie param

In the Linux kernel, the following vulnerability has been resolved:

drm/amd: check num of link levels when update pcie param

In SR-IOV environment, the value of pcie_table->num_of_link_levels will
be 0, and num_of_levels - 1 will cause array index out of bounds

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 4 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version11.0

Linux ≫ Linux Kernel Version >= 5.19 < 6.1.119

Linux ≫ Linux Kernel Version >= 6.2 < 6.5.13

Linux ≫ Linux Kernel Version >= 6.6 < 6.6.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/09f617219fe9ccd8d7b65dc3e879b5889f663b5a

Patch

https://git.kernel.org/stable/c/2f2d48b6247ae3001f83c98730b3cce475cb2927

Patch

https://git.kernel.org/stable/c/406e8845356d18bdf3d3a23b347faf67706472ec

Patch

https://git.kernel.org/stable/c/5b4574b663d0a1a0a62d5232429b7db9ae6d0670

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-52812