5.5

CVE-2023-52997

ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()

In the Linux kernel, the following vulnerability has been resolved:

ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()

if (!type)
		continue;
	if (type > RTAX_MAX)
		return -EINVAL;
	...
	metrics[type - 1] = val;

@type being used as an array index, we need to prevent
cpu speculation or risk leaking kernel memory content.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.3 < 4.19.272
LinuxLinux Kernel Version >= 4.20 < 5.4.231
LinuxLinux Kernel Version >= 5.5 < 5.10.166
LinuxLinux Kernel Version >= 5.11 < 5.15.91
LinuxLinux Kernel Version >= 5.16 < 6.1.9
LinuxLinux Kernel Version6.2 Updaterc1
LinuxLinux Kernel Version6.2 Updaterc2
LinuxLinux Kernel Version6.2 Updaterc3
LinuxLinux Kernel Version6.2 Updaterc4
LinuxLinux Kernel Version6.2 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.159
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/ef050cf5fb70d995a0d03244e25179b7c66a924a
Patch
https://git.kernel.org/stable/c/746db9ec1e672eee13965625ddac0d97e16fa20c
Patch
https://git.kernel.org/stable/c/34c6142f0df9cd75cba5a7aa9df0960d2854b415
Patch
https://git.kernel.org/stable/c/d50e7348b44f1e046121ff5be01b7fb6978a1149
Patch
https://git.kernel.org/stable/c/6850fe301d015a7d2012d1de8caf43dafb7cc2f6
Patch
https://git.kernel.org/stable/c/1d1d63b612801b3f0a39b7d4467cad0abd60e5c8
Patch