CVE-2023-52878

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds

If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message and return with an error.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa6e4bc5304033e434fabccabb230b8e9ff55d76f < 826120c9ba68f2d0dbae58e99013929c883d1444affected
LinuxLinuxa6e4bc5304033e434fabccabb230b8e9ff55d76f < 0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4affected
LinuxLinuxa6e4bc5304033e434fabccabb230b8e9ff55d76f < 53c468008a7c9ca3f5fc985951f35ec2acae85bcaffected
LinuxLinuxa6e4bc5304033e434fabccabb230b8e9ff55d76f < 8ab67da060157362b2e0926692c659808784708faffected
LinuxLinuxa6e4bc5304033e434fabccabb230b8e9ff55d76f < 6411959c10fe917288cbb1038886999148560057affected
LinuxLinux2.6.33affected
LinuxLinux0 < 2.6.33unaffected
LinuxLinux5.15.139 <= 5.15.*unaffected
LinuxLinux6.1.63 <= 6.1.*unaffected
LinuxLinux6.5.12 <= 6.5.*unaffected
LinuxLinux6.6.2 <= 6.6.*unaffected
LinuxLinux6.7 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References