CVE-2023-52669
crypto: s390/aes - Fix buffer overread in CTR mode
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
crypto: s390/aes - Fix buffer overread in CTR mode
When processing the last block, the s390 ctr code will always read
a whole block, even if there isn't a whole block of data left. Fix
this by using the actual length left and copy it into a buffer first
for processing.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: s390/aes - Corrige la sobrelectura del buffer en modo CTR Al procesar el último bloque, el código ctr s390 siempre leerá un bloque completo, incluso si no hay un bloque completo de datos restantes. Solucione este problema utilizando la longitud real restante y cópielo primero en un búfer para procesarlo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-03-07 CVE Reserved
- 2024-05-17 CVE Published
- 2024-05-18 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/0200f3ecc19660bebeabbcbaf212957fcf1dbf8f | Vuln. Introduced | |
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-52669 | 2024-07-02 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2281346 | 2024-07-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.0 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 5.10.210" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.0 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 5.15.149" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.0 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.1.76" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.0 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.6.15" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.0 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.7.3" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.0 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0 < 6.8" | en |
Affected
|