Description

In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users.

INFO

Published Date :

2024-05-21T15:23:07.255Z

Last Modified :

2025-05-04T07:42:23.312Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-52746 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-52746.

URL Resource
https://git.kernel.org/stable/c/419674224390fca298020fc0751a20812f84b12d cve-icon cve-icon
https://git.kernel.org/stable/c/5dc688fae6b7be9dbbf5304a3d2520d038e06db5 cve-icon cve-icon
https://git.kernel.org/stable/c/a893cc644812728e86e9aff517fd5698812ecef0 cve-icon cve-icon
https://git.kernel.org/stable/c/b6ee896385380aa621102e8ea402ba12db1cabff cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052103-CVE-2023-52746-0476@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52746 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52746 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact