Kernel Vulnerability in Linux Leading to Out-of-Bounds Access in Switchtec NTB Driver
CVE-2023-53034

Currently unrated

Key Information:

Vendor
Linux
Status
Vendor
CVE Published:
16 April 2025

Summary

A vulnerability in the Linux kernel's Switchtec NTB driver allows for out-of-bounds memory access due to an issue in the ntb_mw_clear_trans() API. This flaw occurs when both 'addr' and 'size' parameters receive a value of zero, leading to a negative 'xlate_pos'. Such conditions can trigger undefined behavior or potentially allow an attacker to exploit the system. The recent fix addresses this by ensuring that 'xlate_pos' remains non-negative before being processed, thereby mitigating the risk of exploitation. Regular updates and patches are essential to maintain system integrity.

Affected Version(s)

Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb

Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb < 5b6857bb3bfb0dae17fab1e42c1e82c204a508b1

Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb < 2429bdf26a0f3950fdd996861e9c1a3873af1dbe

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.