Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Indirection (*) is of lower precedence than postfix increment (++). Logic in napi_poll context would cause an out-of-bound read by first increment the pointer address by byte address space and then dereference the value. Rather, the intended logic was to dereference first and then increment the underlying value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.6.3, < 6.6.15 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0Patch
- https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143aPatch
- https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790Patch
- https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0Patch
- https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143aPatch
- https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790Patch
FAQ
What is CVE-2023-52626?
CVE-2023-52626 is a vulnerability with a CVSS score of 7.1 (HIGH). In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Indirection (*) is of lower precedence than postfix...
How severe is CVE-2023-52626?
CVE-2023-52626 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-52626?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.