CVE-2023-53661

Summary

In the Linux kernel, the following vulnerability has been resolved:

bnxt: avoid overflow in bnxt_get_nvram_directory()

The value of an arithmetic expression is subject of possible overflow due to a failure to cast operands to a larger data type before performing arithmetic. Used macro for multiplication instead operator for avoiding overflow.

Found by Security Code and Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc0c050c58d840994ba842ad1c338a98e7c12b764 < d5eaf2a6b077f32a477feb1e9e1c1f60605b460eaffected
LinuxLinuxc0c050c58d840994ba842ad1c338a98e7c12b764 < efb1a257513438d43f4335f09b2f684e8167cad2affected
LinuxLinuxc0c050c58d840994ba842ad1c338a98e7c12b764 < 17e0453a7523ad7a25bb47af941b150a6c66d7b6affected
LinuxLinuxc0c050c58d840994ba842ad1c338a98e7c12b764 < 7c6dddc239abe660598c49ec95ea0ed6399a4b2aaffected
LinuxLinux4.4affected
LinuxLinux0 < 4.4unaffected
LinuxLinux5.15.113 <= 5.15.*unaffected
LinuxLinux6.1.30 <= 6.1.*unaffected
LinuxLinux6.3.4 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

References