Description

In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() if (!type) continue; if (type > RTAX_MAX) return -EINVAL; ... metrics[type - 1] = val; @type being used as an array index, we need to prevent cpu speculation or risk leaking kernel memory content.

INFO

Published Date :

2025-03-27T16:43:31.164Z

Last Modified :

2025-05-04T07:47:11.359Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-52997 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-52997.

URL Resource
https://git.kernel.org/stable/c/1d1d63b612801b3f0a39b7d4467cad0abd60e5c8 cve-icon cve-icon
https://git.kernel.org/stable/c/34c6142f0df9cd75cba5a7aa9df0960d2854b415 cve-icon cve-icon
https://git.kernel.org/stable/c/6850fe301d015a7d2012d1de8caf43dafb7cc2f6 cve-icon cve-icon
https://git.kernel.org/stable/c/746db9ec1e672eee13965625ddac0d97e16fa20c cve-icon cve-icon
https://git.kernel.org/stable/c/d50e7348b44f1e046121ff5be01b7fb6978a1149 cve-icon cve-icon
https://git.kernel.org/stable/c/ef050cf5fb70d995a0d03244e25179b7c66a924a cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025032710-CVE-2023-52997-dbca@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52997 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52997 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact