CVE-2023-52616

crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not
cleared, causing a crash when referencing the field when the
structure was released. Initially, this issue was ignored because
memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
For example, this error will be triggered when calculating the
Za value for SM2 separately.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: lib/mpi: corrige el acceso inesperado al puntero en mpi_ec_init Cuando se inicializa la estructura mpi_ec_ctx, algunos campos no se borran, lo que provoca un bloqueo al hacer referencia al campo cuando se lanzó la estructura. Inicialmente, este problema se ignoró porque la memoria para mpi_ec_ctx se asigna con el indicador __GFP_ZERO. Por ejemplo, este error se activará al calcular el valor Za para SM2 por separado.

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this issue was ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will be triggered when calculating the Za value for SM2 separately.

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-03-18 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/d58bb7e55a8a65894cc02f27c3e2bf9403e7c40f	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0c3687822259a7628c85cd21a3445cbe3c367165	2024-02-23
https://git.kernel.org/stable/c/2bb86817b33c9d704e127f92b838035a72c315b6	2024-02-23
https://git.kernel.org/stable/c/bb44477d4506e52785693a39f03cdc6a2c5e8598	2024-02-23
https://git.kernel.org/stable/c/7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a	2024-02-01
https://git.kernel.org/stable/c/7abdfd45a650c714d5ebab564bb1b988f14d9b49	2024-02-01
https://git.kernel.org/stable/c/ba3c5574203034781ac4231acf117da917efcd2a	2023-12-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.1.79 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.1.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.6.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.8"		en		Affected