CVE-2023-52532

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix TX CQE error handling

For an unknown TX CQE error type (probably from a newer hardware), still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong.

Also, TX errors can be triggered by injecting corrupted packets, so replace the WARN_ONCE to ratelimited error logging.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxca9c54d2d6a5ab2430c4eda364c77125d62e5e0f < b67d7b1bfc46d05c1a58b172516454698e8d5004affected
LinuxLinuxca9c54d2d6a5ab2430c4eda364c77125d62e5e0f < a910e0f6304726da30a212feecec65cb97ff7a80affected
LinuxLinuxca9c54d2d6a5ab2430c4eda364c77125d62e5e0f < b2b000069a4c307b09548dc2243f31f3ca0eac9caffected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux6.1.59 <= 6.1.*unaffected
LinuxLinux6.5.7 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References