CVE-2023-52807: net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs

Description

In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs

The hns3 driver define an array of string to show the coalesce
info, but if the kernel adds a new mode or a new state,
out-of-bounds access may occur when coalesce info is read via
debugfs, this patch fix the problem.

Classification

CVE ID: CVE-2023-52807

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/07f5b8c47152cadbd9102e053dcb60685820aa09
https://git.kernel.org/stable/c/be1f703f39efa27b7371b9a4cd983317f1366792
https://git.kernel.org/stable/c/f79d985c69060047426be68b7e4c1663d5d731b4
https://git.kernel.org/stable/c/53aba458f23846112c0d44239580ff59bc5c36c3

Timeline

2024-12-20 00:32:11 UTC
CVE

net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs