CVE-2023-52746 : In the Linux kernel, the following vulnerability has been resolved: xfrm/compat

In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users.

Published 2024-05-21 15:23:07

Updated 2025-04-02 14:50:27

Source Linux

View at NVD, CVE.org

Products affected by CVE-2023-52746

Linux » Linux Kernel
Versions from including (>=) 5.10 and before (<) 5.10.168
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.94
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.16 and before (<) 6.1.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.2 Update RC1
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.2 Update RC2
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.2 Update RC3
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.2 Update RC4
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.2 Update RC5
cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.2 Update RC6
cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.2 Update RC7
cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-52746

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 17 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-52746

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.5	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N	1.0	1.4	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-07
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-52746

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-52746

https://git.kernel.org/stable/c/419674224390fca298020fc0751a20812f84b12d

xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/a893cc644812728e86e9aff517fd5698812ecef0

xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/5dc688fae6b7be9dbbf5304a3d2520d038e06db5

xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/b6ee896385380aa621102e8ea402ba12db1cabff

xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2023-52746

Products affected by CVE-2023-52746

Exploit prediction scoring system (EPSS) score for CVE-2023-52746

CVSS scores for CVE-2023-52746

CWE ids for CVE-2023-52746

References for CVE-2023-52746