Kernel Vulnerability in Linux Leading to Out-of-Bounds Access in Switchtec NTB Driver
CVE-2023-53034
Summary
A vulnerability in the Linux kernel's Switchtec NTB driver allows for out-of-bounds memory access due to an issue in the ntb_mw_clear_trans() API. This flaw occurs when both 'addr' and 'size' parameters receive a value of zero, leading to a negative 'xlate_pos'. Such conditions can trigger undefined behavior or potentially allow an attacker to exploit the system. The recent fix addresses this by ensuring that 'xlate_pos' remains non-negative before being processed, thereby mitigating the risk of exploitation. Regular updates and patches are essential to maintain system integrity.
Affected Version(s)
Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb
Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb < 5b6857bb3bfb0dae17fab1e42c1e82c204a508b1
Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb < 2429bdf26a0f3950fdd996861e9c1a3873af1dbe
References
Timeline
Vulnerability published
Vulnerability Reserved