Bug 1222054 (CVE-2023-52626) - VUL-0: CVE-2023-52626: kernel: net/mlx5e: out of bounds read in port timestamping napi_poll context
Summary: VUL-0: CVE-2023-52626: kernel: net/mlx5e: out of bounds read in port timestam...
Status: RESOLVED FIXED
Alias: CVE-2023-52626
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/399003/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52626:6.1:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-27 10:36 UTC by SMASH SMASH
Modified: 2024-06-25 18:23 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-03-27 10:36:56 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context

Indirection (*) is of lower precedence than postfix increment (++). Logic
in napi_poll context would cause an out-of-bound read by first increment
the pointer address by byte address space and then dereference the value.
Rather, the intended logic was to dereference first and then increment the
underlying value.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52626
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52626.mbox
https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790
https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0
https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a
https://www.cve.org/CVERecord?id=CVE-2023-52626
https://bugzilla.redhat.com/show_bug.cgi?id=2271680
Comment 1 Carlos López 2024-03-27 10:37:51 UTC 
Already fixed in SLE15-SP6-GA, older branches are not affected.
Comment 16 Andrea Mattiazzo 2024-05-29 11:59:42 UTC 
All done, closing.