lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050211-CVE-2023-53066-cba3@gregkh> Date: Fri, 2 May 2025 17:55:31 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. The Linux kernel CVE team has assigned CVE-2023-53066 to this issue. Affected and fixed versions =========================== Issue introduced in 4.7 with commit 733def6a04bf3d2810dd675e1240f8df94d633c3 and fixed in 4.14.312 with commit 7bd0037822fd04da13721f77a42ee5a077d4c5fb Issue introduced in 4.7 with commit 733def6a04bf3d2810dd675e1240f8df94d633c3 and fixed in 4.19.280 with commit 7742c08e012eb65405e8304d100641638c5ff882 Issue introduced in 4.7 with commit 733def6a04bf3d2810dd675e1240f8df94d633c3 and fixed in 5.4.240 with commit 42d72c6d1edc9dc09a5d6f6695d257fa9e9cc270 Issue introduced in 4.7 with commit 733def6a04bf3d2810dd675e1240f8df94d633c3 and fixed in 5.10.177 with commit 39c3b9dd481c3afce9439b29bafe00444cb4406b Issue introduced in 4.7 with commit 733def6a04bf3d2810dd675e1240f8df94d633c3 and fixed in 5.15.105 with commit e42d3bde4ec03c863259878dddaef5c351cca7ad Issue introduced in 4.7 with commit 733def6a04bf3d2810dd675e1240f8df94d633c3 and fixed in 6.1.22 with commit 97ea704f39b5ded96f071e98701aa543f6f89683 Issue introduced in 4.7 with commit 733def6a04bf3d2810dd675e1240f8df94d633c3 and fixed in 6.2.9 with commit b224b0cab3a66e93d414825065a2e667a1d28c32 Issue introduced in 4.7 with commit 733def6a04bf3d2810dd675e1240f8df94d633c3 and fixed in 6.3 with commit 25143b6a01d0cc5319edd3de22ffa2578b045550 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53066 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/qlogic/qed/qed_sriov.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7bd0037822fd04da13721f77a42ee5a077d4c5fb https://git.kernel.org/stable/c/7742c08e012eb65405e8304d100641638c5ff882 https://git.kernel.org/stable/c/42d72c6d1edc9dc09a5d6f6695d257fa9e9cc270 https://git.kernel.org/stable/c/39c3b9dd481c3afce9439b29bafe00444cb4406b https://git.kernel.org/stable/c/e42d3bde4ec03c863259878dddaef5c351cca7ad https://git.kernel.org/stable/c/97ea704f39b5ded96f071e98701aa543f6f89683 https://git.kernel.org/stable/c/b224b0cab3a66e93d414825065a2e667a1d28c32 https://git.kernel.org/stable/c/25143b6a01d0cc5319edd3de22ffa2578b045550
Powered by blists - more mailing lists