Back

CVE-2023-52734

May 21, 2024, 4:53 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Linux kernel

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-21
CVE-2023-52734

CVE-2023-52734 details

Published : May 21, 2024, 4:15 p.m.
Last Modified : May 21, 2024, 4:53 p.m.

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch: Bounds check priority Nothing was explicitly bounds checking the priority index used to access clpriop[]. WARN and bail out early if it's pathological. Seen with GCC 13: ../net/sched/sch_htb.c: In function 'htb_activate_prios': ../net/sched/sch_htb.c:437:44: warning: array subscript [0, 31] is outside array bounds of 'struct htb_prio[8]' [-Warray-bounds=] 437 | if (p->inner.clprio[prio].feed.rb_node) | ~~~~~~~~~~~~~~~^~~~~~ ../net/sched/sch_htb.c:131:41: note: while referencing 'clprio' 131 | struct htb_prio clprio[TC_HTB_NUMPRIO]; | ^~~~~~

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://git.kernel.org/stable/c/90fcf55d83b20da1091f926a291af05fb74f61c6 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/99875ea9b5b47995bfb3c684d21eb17feb4b7e6a 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/de5ca4c3852f896cacac2bf259597aab5e17d9e3 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f6415c9c9a0b3881543d38528a58b54af4351522 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/fbe71c5dacaa5a9960323215f118958174c81aa0 416baaa9-dc9f-4396-8d5f-8c081fb06d67
This website uses the NVD API, but is not approved or certified by it.