CVE-2023-53684

Summary

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Zero padding when dumping algos and encap

When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space.

This patch fixes the copying of xfrm algorithms and the encap template in xfrm_user so that padding is zeroed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc7a5899eb26e2a4d516d53f65b6dd67be2228041 < 0725daaa9a879388ed312110f62dbd5ea2d75f8faffected
LinuxLinuxc7a5899eb26e2a4d516d53f65b6dd67be2228041 < 5218af4ad5d8948faac19f71583bcd786c3852dfaffected
LinuxLinuxc7a5899eb26e2a4d516d53f65b6dd67be2228041 < 1a351e26cc010d6991fbbd5701ac16581372e26faffected
LinuxLinuxc7a5899eb26e2a4d516d53f65b6dd67be2228041 < 8222d5910dae08213b6d9d4bc9a7f8502855e624affected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.15.106 <= 5.15.*unaffected
LinuxLinux6.1.23 <= 6.1.*unaffected
LinuxLinux6.2.10 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References