fkie_cve-2023-53019
Vulnerability from fkie_nvd
Published
2025-03-27 17:15
Modified
2025-03-28 18:11
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore validate addr before using it.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1d80c259dfbadefa61b7ea334dfce5cb57f8c72f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4bc5f1f6bc94e695dfd912122af96e7115a0ddb8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7879626296e6ffd838ae0f2af1ab49ee46354973
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/867dbe784c5010a466f00a7d1467c1c5ea569c75
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8a7b9560a3a8eb8724888c426e05926752f73aa0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ad67de330d83e8078372b52af18ffe8d39e26c85
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c431a3d642593bbdb99e8a9e3eed608b730db6f8
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: validate parameter addr in mdiobus_get_phy()\n\nThe caller may pass any value as addr, what may result in an out-of-bounds\naccess to array mdio_map. One existing case is stmmac_init_phy() that\nmay pass -1 as addr. Therefore validate addr before using it."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mdio: validar el par\u00e1metro addr en mdiobus_get_phy(). El llamador puede pasar cualquier valor como addr, lo que puede resultar en un acceso fuera de l\u00edmites a la matriz mdio_map. Un caso existente es stmmac_init_phy(), que puede pasar -1 como addr. Por lo tanto, valide addr antes de usarlo."
    }
  ],
  "id": "CVE-2023-53019",
  "lastModified": "2025-03-28T18:11:40.180",
  "metrics": {},
  "published": "2025-03-27T17:15:51.330",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1d80c259dfbadefa61b7ea334dfce5cb57f8c72f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4bc5f1f6bc94e695dfd912122af96e7115a0ddb8"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7879626296e6ffd838ae0f2af1ab49ee46354973"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/867dbe784c5010a466f00a7d1467c1c5ea569c75"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8a7b9560a3a8eb8724888c426e05926752f73aa0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ad67de330d83e8078372b52af18ffe8d39e26c85"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c431a3d642593bbdb99e8a9e3eed608b730db6f8"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.