CVE-2023-53340

Опубликовано: 17 сент. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Collect command failures data only for known commands

DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't create a storage for this command, since mlx5 doesn't use it. This lead to array-index-out-of-bounds error.

Fix it by checking whether the command is known before collecting the failure data.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.18 (включая) до 6.1.31 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.3.5 (исключая)

cpe:2.3:o:linux:linux_kernel:6.4:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.4:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:6.4:rc3:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00022

Низкий

7.8 High

CVSS3

Дефекты

CWE-129

Связанные уязвимости

CVE-2023-53340

CVSS3: 7.8

ubuntu

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't create a storage for this command, since mlx5 doesn't use it. This lead to array-index-out-of-bounds error. Fix it by checking whether the command is known before collecting the failure data.

CVE-2023-53340

CVSS3: 7

redhat

5 месяцев назад

CVE-2023-53340

CVSS3: 7.8

debian

5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: n ...

GHSA-cx33-4cq6-86x6

CVSS3: 7.8

github

5 месяцев назад

SUSE-SU-2025:03615-1

suse-cvrf

4 месяца назад

Security update for the Linux Kernel

EPSS

Процентиль: 5%

0.00022

Низкий

7.8 High

CVSS3

Дефекты

CWE-129