7.8
CVE-2023-53000
- EPSS 0.02%
- Veröffentlicht 27.03.2025 16:43:33
- Zuletzt bearbeitet 30.10.2025 16:40:17
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
netlink: prevent potential spectre v1 gadgets
In the Linux kernel, the following vulnerability has been resolved:
netlink: prevent potential spectre v1 gadgets
Most netlink attributes are parsed and validated from
__nla_validate_parse() or validate_nla()
u16 type = nla_type(nla);
if (type == 0 || type > maxtype) {
/* error or continue */
}
@type is then used as an array index and can be used
as a Spectre v1 gadget.
array_index_nospec() can be used to prevent leaking
content of kernel memory to malicious users.
This should take care of vast majority of netlink uses,
but an audit is needed to take care of others where
validation is not yet centralized in core netlink functions.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.15 < 5.4.231
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.166
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.91
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.9
Linux ≫ Linux Kernel Version6.2 Updaterc1
Linux ≫ Linux Kernel Version6.2 Updaterc2
Linux ≫ Linux Kernel Version6.2 Updaterc3
Linux ≫ Linux Kernel Version6.2 Updaterc4
Linux ≫ Linux Kernel Version6.2 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.063 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.