CVE-2023-53442

In the Linux kernel, the following vulnerability has been resolved:

ice: Block switchdev mode when ADQ is active and vice versa

ADQ and switchdev are not supported simultaneously. Enabling both at the
same time can result in nullptr dereference.

To prevent this, check if ADQ is active when changing devlink mode to
switchdev mode, and check if switchdev is active when enabling ADQ.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.47
linuxlinux_kernel
6.2 ≤
𝑥
< 6.4.12
linuxlinux_kernel
6.5:rc1
linuxlinux_kernel
6.5:rc2
linuxlinux_kernel
6.5:rc3
linuxlinux_kernel
6.5:rc4
linuxlinux_kernel
6.5:rc5
linuxlinux_kernel
6.5:rc6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
forky
6.16.7-1
fixed
sid
6.16.7-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/1c82d1b736ce85e77fd4da05eca6f1f4a52a2bc3
https://git.kernel.org/stable/c/24f0d69da35d812b3a1104918014a29627140cb1
https://git.kernel.org/stable/c/43d00e102d9ecbe2635d7e3f2e14d2e90183d6af