Bug 1222054 (CVE-2023-52626)

Summary: VUL-0: CVE-2023-52626: kernel: net/mlx5e: out of bounds read in port timestamping napi_poll context
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: carlos.lopez, vasant.karasulli
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/399003/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52626:6.1:(AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-03-27 10:36:56 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context

Indirection (*) is of lower precedence than postfix increment (++). Logic
in napi_poll context would cause an out-of-bound read by first increment
the pointer address by byte address space and then dereference the value.
Rather, the intended logic was to dereference first and then increment the
underlying value.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52626
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52626.mbox
https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790
https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0
https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a
https://www.cve.org/CVERecord?id=CVE-2023-52626
https://bugzilla.redhat.com/show_bug.cgi?id=2271680
Comment 1 Carlos López 2024-03-27 10:37:51 UTC 
Already fixed in SLE15-SP6-GA, older branches are not affected.
Comment 16 Andrea Mattiazzo 2024-05-29 11:59:42 UTC 
All done, closing.