CVE-2023-53034

ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans

Severity Score

7.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and
size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000
[ 23.734158] ================================================================================
[ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7
[ 23.734418] shift exponent -1 is negative Ensuring xlate_pos is a positive or zero before BIT.

In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ================================================================================ [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7 [ 23.734418] shift exponent -1 is negative Ensuring xlate_pos is a positive or zero before BIT.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-03-27 CVE Reserved
2025-04-16 CVE Published
2025-05-26 CVE Updated
2025-06-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/1e2fd202f8593985cdadca32e0c322f98e7fe7cb	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f56951f211f181410a383d305e8d370993e45294	2025-04-10
https://git.kernel.org/stable/c/5b6857bb3bfb0dae17fab1e42c1e82c204a508b1	2025-04-10
https://git.kernel.org/stable/c/2429bdf26a0f3950fdd996861e9c1a3873af1dbe	2025-04-10
https://git.kernel.org/stable/c/7ed22f8d8be26225a78cf5e85b2036421a6bf2d5	2025-04-10
https://git.kernel.org/stable/c/c61a3f2df162ba424be0141649a9ef5f28eaccc1	2025-04-10
https://git.kernel.org/stable/c/cb153bdc1812a3375639ed6ca5f147eaefb65349	2025-04-10
https://git.kernel.org/stable/c/36d32cfb00d42e865396424bb5d340fc0a28870d	2025-04-10
https://git.kernel.org/stable/c/0df2e03e4620548b41891b4e0d1bd9d2e0d8a39a	2025-04-10
https://git.kernel.org/stable/c/de203da734fae00e75be50220ba5391e7beecdf9	2025-03-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.4.292 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.4.292"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.10.236 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.10.236"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.15.180 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.15.180"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.1.134 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.1.134"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.6.87 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.6.87"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.12.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.12.23"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.13.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.13.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.14.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.14.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.15"		en		Affected