CVE-2023-52878

can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this
would cause a kernel crash. Instead, issue a meaningful warning
message and return with an error.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: dev: can_put_echo_skb(): no bloquee el kernel si se accede a can_priv::echo_skb fuera de los límites. Si se accede a "struct can_priv::echoo_skb" fuera de los límites, esto provocaría un fallo del kernel. En su lugar, emita un mensaje de advertencia significativo y regrese con un error.

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message and return with an error.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/a6e4bc5304033e434fabccabb230b8e9ff55d76f	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/826120c9ba68f2d0dbae58e99013929c883d1444	2023-11-20
https://git.kernel.org/stable/c/0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4	2023-11-20
https://git.kernel.org/stable/c/53c468008a7c9ca3f5fc985951f35ec2acae85bc	2023-11-20
https://git.kernel.org/stable/c/8ab67da060157362b2e0926692c659808784708f	2023-11-20
https://git.kernel.org/stable/c/6411959c10fe917288cbb1038886999148560057	2023-10-05

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52878	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2282680	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 5.15.139 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 5.15.139"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 6.1.63 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.1.63"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 6.5.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.5.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 6.6.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.6.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.33 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.33 < 6.7"		en		Affected