github - ghsa-qggq-gw32-wcq3

ghsa-qggq-gw32-wcq3

Vulnerability from github

Published

2024-03-26 18:32

Modified

2024-03-26 18:32

Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context

Indirection (*) is of lower precedence than postfix increment (++). Logic in napi_poll context would cause an out-of-bound read by first increment the pointer address by byte address space and then dereference the value. Rather, the intended logic was to dereference first and then increment the underlying value.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52626"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-26T18:15:09Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix operation precedence bug in port timestamping napi_poll context\n\nIndirection (*) is of lower precedence than postfix increment (++). Logic\nin napi_poll context would cause an out-of-bound read by first increment\nthe pointer address by byte address space and then dereference the value.\nRather, the intended logic was to dereference first and then increment the\nunderlying value.",
  "id": "GHSA-qggq-gw32-wcq3",
  "modified": "2024-03-26T18:32:07Z",
  "published": "2024-03-26T18:32:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52626"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2023-52626

Vulnerability from cvelistv5

Published

2024-03-26 17:49

Modified

2024-09-11 17:33

Severity

Summary

net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context

References

URL	Tags
https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790
https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0
https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52626",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:54:09.330337Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:43.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "40e0d0746390",
              "status": "affected",
              "version": "e5d30f7da357",
              "versionType": "git"
            },
            {
              "lessThan": "33cdeae8c6fb",
              "status": "affected",
              "version": "92214be5979c",
              "versionType": "git"
            },
            {
              "lessThan": "3876638b2c7e",
              "status": "affected",
              "version": "92214be5979c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix operation precedence bug in port timestamping napi_poll context\n\nIndirection (*) is of lower precedence than postfix increment (++). Logic\nin napi_poll context would cause an out-of-bound read by first increment\nthe pointer address by byte address space and then dereference the value.\nRather, the intended logic was to dereference first and then increment the\nunderlying value."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:14:39.505Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790"
        },
        {
          "url": "https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0"
        },
        {
          "url": "https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a"
        }
      ],
      "title": "net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52626",
    "datePublished": "2024-03-26T17:49:59.220Z",
    "dateReserved": "2024-03-06T09:52:12.090Z",
    "dateUpdated": "2024-09-11T17:33:43.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.