CVE-2023-52807

net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs The hns3 driver define an array of string to show the coalesce
info, but if the kernel adds a new mode or a new state,
out-of-bounds access may occur when coalesce info is read via
debugfs, this patch fix the problem.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: se puede corregir el acceso fuera de los límites cuando se lee la información fusionada a través de debugfs. El controlador hns3 define una matriz de cadenas para mostrar la información fusionada, pero si el kernel agrega un nuevo modo o un nuevo estado, puede ocurrir acceso fuera de los límites cuando se lee información fusionada a través de debugfs, este parche soluciona el problema.

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs The hns3 driver define an array of string to show the coalesce info, but if the kernel adds a new mode or a new state, out-of-bounds access may occur when coalesce info is read via debugfs, this patch fix the problem.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2025-04-15 EPSS Updated
2025-05-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/c99fead7cb07979f5db38035ccb5f02ad2c7106a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09	2023-11-28
https://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792	2023-11-28
https://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4	2023-11-28
https://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3	2023-11-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.1.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.1.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.6.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.7"		en		Affected