7.1

CVE-2023-53238

phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()

In the Linux kernel, the following vulnerability has been resolved:

phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()

The size of array 'priv->ports[]' is INNO_PHY_PORT_NUM.

In the for loop, 'i' is used as the index for array 'priv->ports[]'
with a check (i > INNO_PHY_PORT_NUM) which indicates that
INNO_PHY_PORT_NUM is allowed value for 'i' in the same loop.

This > comparison needs to be changed to >=, otherwise it potentially leads
to an out of bounds write on the next iteration through the loop
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.17 < 4.19.291
LinuxLinux Kernel Version >= 4.20 < 5.4.253
LinuxLinux Kernel Version >= 5.5 < 5.10.190
LinuxLinux Kernel Version >= 5.11 < 5.15.124
LinuxLinux Kernel Version >= 5.16 < 6.1.43
LinuxLinux Kernel Version >= 6.2 < 6.4.8
LinuxLinux Kernel Version6.5 Updaterc1
LinuxLinux Kernel Version6.5 Updaterc2
LinuxLinux Kernel Version6.5 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.045
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/2843a2e703f5cb85c9eeca11b7ee90861635a010
Patch
https://git.kernel.org/stable/c/195e806b2afb0bad6470c9094f7e45e0cf109ee0
Patch
https://git.kernel.org/stable/c/ad249aa3c38f329f91fba8b4b3cd087e79fb0ce8
Patch
https://git.kernel.org/stable/c/6d8a71e4c3a2fa4960cc50996e76a42b62fab677
Patch
https://git.kernel.org/stable/c/01cb355bb92e8fcf8306e11a4774d610c5864e39
Patch
https://git.kernel.org/stable/c/ce69eac840db0b559994dc4290fce3d7c0d7bccd
Patch
https://git.kernel.org/stable/c/13c088cf3657d70893d75cf116be937f1509cc0f
Patch