CVE-2023-52626

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Indirection (*) is of lower precedence than postfix increment (++). Logic in napi_poll context would cause an out-of-bound read by first increment the pointer address by byte address space and then dereference the value. Rather, the intended logic was to dereference first and then increment the underlying value.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0	Patch
https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a	Patch
https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790	Patch
https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0	Patch
https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a	Patch
https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::

History

No history.

Information

Published : 2024-03-26 18:15

Updated : 2025-03-17 15:19

NVD link : CVE-2023-52626

Mitre link : CVE-2023-52626

CVE.ORG link : CVE-2023-52626

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2023-52626", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-03-26T18:15:09.087", "references": [{"url": "https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix operation precedence bug in port timestamping napi_poll context\n\nIndirection (*) is of lower precedence than postfix increment (++). Logic\nin napi_poll context would cause an out-of-bound read by first increment\nthe pointer address by byte address space and then dereference the value.\nRather, the intended logic was to dereference first and then increment the\nunderlying value."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5e: se corrigi\u00f3 el error de precedencia de operaci\u00f3n en la marca de tiempo del puerto contexto napi_poll La indirecci\u00f3n (*) tiene menor prioridad que el incremento de postfijo (++). La l\u00f3gica en el contexto napi_poll provocar\u00eda una lectura fuera de los l\u00edmites al incrementar primero la direcci\u00f3n del puntero por espacio de direcciones de bytes y luego desreferenciar el valor. M\u00e1s bien, la l\u00f3gica prevista era desreferenciar primero y luego incrementar el valor subyacente."}], "lastModified": "2025-03-17T15:19:21.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF31C50-F7D0-4813-8646-D31DAD69EAB9", "versionEndExcluding": "6.6.15", "versionStartIncluding": "6.6.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}