CVE-2023-52746

Summary

In the Linux kernel, the following vulnerability has been resolved:

xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()

int type = nla_type(nla);

if (type > XFRMA_MAX) { return -EOPNOTSUPP; }

@type is then used as an array index and can be used as a Spectre v1 gadget.

if (nla_len(nla) < compat_policy[type].len) {

array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5106f4a8acff480e244300bc5097c0ad7048c3a2 < a893cc644812728e86e9aff517fd5698812ecef0affected
LinuxLinux5106f4a8acff480e244300bc5097c0ad7048c3a2 < 5dc688fae6b7be9dbbf5304a3d2520d038e06db5affected
LinuxLinux5106f4a8acff480e244300bc5097c0ad7048c3a2 < 419674224390fca298020fc0751a20812f84b12daffected
LinuxLinux5106f4a8acff480e244300bc5097c0ad7048c3a2 < b6ee896385380aa621102e8ea402ba12db1cabffaffected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.168 <= 5.10.*unaffected
LinuxLinux5.15.94 <= 5.15.*unaffected
LinuxLinux6.1.12 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References