CVE-2023-53495

HIGH

Linux Kernel 5.2-5.4.257 - Out-of-bounds Write in mvpp2_ethtool_get_rxnfc

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() rules is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rules to avoid OOB writing or NULL pointer dereference.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/ba6673824efa3dc198b04a54e69dce480066d7d9

Patch

https://git.kernel.org/stable/c/61054a8ddb176b155a8f2bacdfefb3727187f5d9

Patch

https://git.kernel.org/stable/c/5bb09dddc724c5f7c4dc6dd3bfebd685eecd93e8

Patch

https://git.kernel.org/stable/c/349638f7e5d3c7d328565587bb7b0454bbee02e2

Patch

https://git.kernel.org/stable/c/625b70d31dd4df4b96b3ddcbe251debb33bd67f5

Patch

https://git.kernel.org/stable/c/51fe0a470543f345e3c62b6798929de3ddcedc1d

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (16)

Linux/Linux < 5.2

Linux/Linux 5.10.195 - 5.10.*

Linux/Linux 5.15.132 - 5.15.*

Linux/Linux 5.2

Linux/Linux 5.4.257 - 5.4.*

Linux/Linux 6.1.54 - 6.1.*

Linux/Linux 6.5.4 - 6.5.*

Linux/Linux 6.6

Linux/Linux 90b509b39ac9b09be88eb641c7a3abd8de06b698 - 349638f7e5d3c7d328565587bb7b0454bbee02e2

Linux/Linux 90b509b39ac9b09be88eb641c7a3abd8de06b698 - 51fe0a470543f345e3c62b6798929de3ddcedc1d

... and 6 more

Published Oct 01, 2025

Tracked Since Feb 18, 2026