CVE-2023-53019

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: mdio: validate parameter addr in mdiobus_get_phy()

The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore validate addr before using it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7f854420fbfe9d49afe2ffb1df052cfe8e215541 < 1d80c259dfbadefa61b7ea334dfce5cb57f8c72faffected
LinuxLinux7f854420fbfe9d49afe2ffb1df052cfe8e215541 < c431a3d642593bbdb99e8a9e3eed608b730db6f8affected
LinuxLinux7f854420fbfe9d49afe2ffb1df052cfe8e215541 < 8a7b9560a3a8eb8724888c426e05926752f73aa0affected
LinuxLinux7f854420fbfe9d49afe2ffb1df052cfe8e215541 < 4bc5f1f6bc94e695dfd912122af96e7115a0ddb8affected
LinuxLinux7f854420fbfe9d49afe2ffb1df052cfe8e215541 < ad67de330d83e8078372b52af18ffe8d39e26c85affected
LinuxLinux7f854420fbfe9d49afe2ffb1df052cfe8e215541 < 7879626296e6ffd838ae0f2af1ab49ee46354973affected
LinuxLinux7f854420fbfe9d49afe2ffb1df052cfe8e215541 < 867dbe784c5010a466f00a7d1467c1c5ea569c75affected
LinuxLinux4.5affected
LinuxLinux0 < 4.5unaffected
LinuxLinux4.14.305 <= 4.14.*unaffected
LinuxLinux4.19.272 <= 4.19.*unaffected
LinuxLinux5.4.231 <= 5.4.*unaffected
LinuxLinux5.10.166 <= 5.10.*unaffected
LinuxLinux5.15.91 <= 5.15.*unaffected
LinuxLinux6.1.9 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References