CVE-2023-53340
EUVD-2023-5998617.09.2025, 15:15
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, However, mlx5 doesn't create a storage for this command, since mlx5 doesn't use it. This lead to array-index-out-of-bounds error. Fix it by checking whether the command is known before collecting the failure data.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.18 ≤ 𝑥 < 6.1.31 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.3.5 |
| linux | linux_kernel | 6.4:rc1 |
| linux | linux_kernel | 6.4:rc2 |
| linux | linux_kernel | 6.4:rc3 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||
|---|---|---|---|
| cluster-md-kmp-default |
| ||
| dlm-kmp-default |
| ||
| gfs2-kmp-default |
| ||
| kernel-64kb |
| ||
| kernel-default |
| ||
| kernel-default-base |
| ||
| kernel-docs |
| ||
| kernel-macros |
| ||
| kernel-obs-build |
| ||
| kernel-source |
| ||
| kernel-syms |
| ||
| kernel-zfcpdump |
| ||
| ocfs2-kmp-default |
| ||
| reiserfs-kmp-default |
|