| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050202-CVE-2023-53040-141f@gregkh> Date: Fri, 2 May 2025 17:55:05 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53040: ca8210: fix mac_len negative array access From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. The Linux kernel CVE team has assigned CVE-2023-53040 to this issue. Affected and fixed versions =========================== Fixed in 4.14.312 with commit 55d836f75778d2e2cafe37e023f9c106400bad4b Fixed in 4.19.280 with commit 5da4469a7aa011de614c3e2ae383c35a353a382e Fixed in 5.4.240 with commit d2b3bd0d4cadfdb7f3454d2aef9d5d9e8b48aae4 Fixed in 5.10.177 with commit 7df72bedbdd1d02bb216e1f6eca0a16900238c4e Fixed in 5.15.105 with commit d143e327c97241599c958d1ba9fbaa88c37db721 Fixed in 6.1.22 with commit fd176a18db96d574d8c4763708abcec4444a08b6 Fixed in 6.2.9 with commit 918944526a386f186dd818ea6b0bcbed75d8c16b Fixed in 6.3 with commit 6c993779ea1d0cccdb3a5d7d45446dd229e610a3 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53040 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ieee802154/ca8210.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/55d836f75778d2e2cafe37e023f9c106400bad4b https://git.kernel.org/stable/c/5da4469a7aa011de614c3e2ae383c35a353a382e https://git.kernel.org/stable/c/d2b3bd0d4cadfdb7f3454d2aef9d5d9e8b48aae4 https://git.kernel.org/stable/c/7df72bedbdd1d02bb216e1f6eca0a16900238c4e https://git.kernel.org/stable/c/d143e327c97241599c958d1ba9fbaa88c37db721 https://git.kernel.org/stable/c/fd176a18db96d574d8c4763708abcec4444a08b6 https://git.kernel.org/stable/c/918944526a386f186dd818ea6b0bcbed75d8c16b https://git.kernel.org/stable/c/6c993779ea1d0cccdb3a5d7d45446dd229e610a3
Powered by blists - more mailing lists