CVE-2023-53034

16.04.2025, 15:15

In the Linux kernel, the following vulnerability has been resolved:

ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans

There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and
size. This would make xlate_pos negative.

[   23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000
[   23.734158] ================================================================================
[   23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7
[   23.734418] shift exponent -1 is negative

Ensuring xlate_pos is a positive or zero before BIT.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Linux	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Vendor	Product	Version
linux	linux_kernel	4.16 ≤ 𝑥 < 5.4.292
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.236
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.180
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.134
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.87
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.23
linux	linux_kernel	6.13 ≤ 𝑥 < 6.13.11
linux	linux_kernel	6.14 ≤ 𝑥 < 6.14.2