CVE-2023-53495

Sažetak

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() rules is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rules to avoid OOB writing or NULL pointer dereference.

Reference

https://git.kernel.org/stable/c/349638f7e5d3c7d328565587bb7b0454bbee02e2
https://git.kernel.org/stable/c/51fe0a470543f345e3c62b6798929de3ddcedc1d
https://git.kernel.org/stable/c/5bb09dddc724c5f7c4dc6dd3bfebd685eecd93e8
https://git.kernel.org/stable/c/61054a8ddb176b155a8f2bacdfefb3727187f5d9
https://git.kernel.org/stable/c/625b70d31dd4df4b96b3ddcbe251debb33bd67f5
https://git.kernel.org/stable/c/ba6673824efa3dc198b04a54e69dce480066d7d9

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

16-01-2026 - 20:46

Objavljeno

01-10-2025 - 12:15