Kernel Vulnerability in Linux Leading to Out-of-Bounds Access in Switchtec NTB Driver
CVE-2023-53034

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability in the Linux kernel's Switchtec NTB driver allows for out-of-bounds memory access due to an issue in the ntb_mw_clear_trans() API. This flaw occurs when both 'addr' and 'size' parameters receive a value of zero, leading to a negative 'xlate_pos'. Such conditions can trigger undefined behavior or potentially allow an attacker to exploit the system. The recent fix addresses this by ensuring that 'xlate_pos' remains non-negative before being processed, thereby mitigating the risk of exploitation. Regular updates and patches are essential to maintain system integrity.

Affected Version(s)

Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb

Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb < 5b6857bb3bfb0dae17fab1e42c1e82c204a508b1

Linux 1e2fd202f8593985cdadca32e0c322f98e7fe7cb < 2429bdf26a0f3950fdd996861e9c1a3873af1dbe

References

https://git.kernel.org/stable/c/f56951f211f181410a383d305...

https://git.kernel.org/stable/c/5b6857bb3bfb0dae17fab1e42...

https://git.kernel.org/stable/c/2429bdf26a0f3950fdd996861...

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Mar 27, 2025