CVE-2023-52734

May 21, 2024, 4:53 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch: Bounds check priority Nothing was explicitly bounds checking the priority index used to access clpriop[]. WARN and bail out early if it's pathological. Seen with GCC 13: ../net/sched/sch_htb.c: In function 'htb_activate_prios': ../net/sched/sch_htb.c:437:44: warning: array subscript [0, 31] is outside array bounds of 'struct htb_prio[8]' [-Warray-bounds=] 437 | if (p->inner.clprio[prio].feed.rb_node) | ~~~~~~~~~~~~~~~^~~~~~ ../net/sched/sch_htb.c:131:41: note: while referencing 'clprio' 131 | struct htb_prio clprio[TC_HTB_NUMPRIO]; | ^~~~~~

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/90fcf55d83b20da1091f926a291af05fb74f61c6
https://git.kernel.org/stable/c/99875ea9b5b47995bfb3c684d21eb17feb4b7e6a
https://git.kernel.org/stable/c/de5ca4c3852f896cacac2bf259597aab5e17d9e3
https://git.kernel.org/stable/c/f6415c9c9a0b3881543d38528a58b54af4351522
https://git.kernel.org/stable/c/fbe71c5dacaa5a9960323215f118958174c81aa0

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-21
CVE-2023-52734

Timeline

Published: May 21, 2024, 4:15 p.m.
Last Modified: May 21, 2024, 4:53 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.