CVE-2023-52807

high

Description

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs The hns3 driver define an array of string to show the coalesce info, but if the kernel adds a new mode or a new state, out-of-bounds access may occur when coalesce info is read via debugfs, this patch fix the problem.

References

https://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4

https://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792

https://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3

https://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09

Details

Source: Mitre, NVD

Published: 2024-05-21

Updated: 2025-03-06

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High