7.8

CVE-2023-53495

net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()

In the Linux kernel, the following vulnerability has been resolved:

net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()

rules is allocated in ethtool_get_rxnfc and the size is determined by
rule_cnt from user space. So rule_cnt needs to be check before using
rules to avoid OOB writing or NULL pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.2 < 5.4.257
LinuxLinux Kernel Version >= 5.5 < 5.10.195
LinuxLinux Kernel Version >= 5.11 < 5.15.132
LinuxLinux Kernel Version >= 5.16 < 6.1.54
LinuxLinux Kernel Version >= 6.2 < 6.5.4
LinuxLinux Kernel Version6.6 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.049
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/349638f7e5d3c7d328565587bb7b0454bbee02e2
Patch
https://git.kernel.org/stable/c/51fe0a470543f345e3c62b6798929de3ddcedc1d
Patch
https://git.kernel.org/stable/c/5bb09dddc724c5f7c4dc6dd3bfebd685eecd93e8
Patch
https://git.kernel.org/stable/c/61054a8ddb176b155a8f2bacdfefb3727187f5d9
Patch
https://git.kernel.org/stable/c/625b70d31dd4df4b96b3ddcbe251debb33bd67f5
Patch
https://git.kernel.org/stable/c/ba6673824efa3dc198b04a54e69dce480066d7d9
Patch