{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52532", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.319Z", "datePublished": "2024-03-02T21:52:36.292Z", "dateUpdated": "2024-12-19T08:21:36.230Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:21:36.230Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix TX CQE error handling\n\nFor an unknown TX CQE error type (probably from a newer hardware),\nstill free the SKB, update the queue tail, etc., otherwise the\naccounting will be wrong.\n\nAlso, TX errors can be triggered by injecting corrupted packets, so\nreplace the WARN_ONCE to ratelimited error logging."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/microsoft/mana/mana_en.c"], "versions": [{"version": "ca9c54d2d6a5ab2430c4eda364c77125d62e5e0f", "lessThan": "b67d7b1bfc46d05c1a58b172516454698e8d5004", "status": "affected", "versionType": "git"}, {"version": "ca9c54d2d6a5ab2430c4eda364c77125d62e5e0f", "lessThan": "a910e0f6304726da30a212feecec65cb97ff7a80", "status": "affected", "versionType": "git"}, {"version": "ca9c54d2d6a5ab2430c4eda364c77125d62e5e0f", "lessThan": "b2b000069a4c307b09548dc2243f31f3ca0eac9c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/microsoft/mana/mana_en.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.59", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.7", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b67d7b1bfc46d05c1a58b172516454698e8d5004"}, {"url": "https://git.kernel.org/stable/c/a910e0f6304726da30a212feecec65cb97ff7a80"}, {"url": "https://git.kernel.org/stable/c/b2b000069a4c307b09548dc2243f31f3ca0eac9c"}], "title": "net: mana: Fix TX CQE error handling", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52532", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T20:33:23.323404Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:22:59.938Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.762Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b67d7b1bfc46d05c1a58b172516454698e8d5004", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a910e0f6304726da30a212feecec65cb97ff7a80", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b2b000069a4c307b09548dc2243f31f3ca0eac9c", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b67d7b1bfc46d05c1a58b172516454698e8d5004", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a910e0f6304726da30a212feecec65cb97ff7a80", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b2b000069a4c307b09548dc2243f31f3ca0eac9c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.762Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52532", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-04T20:33:23.323404Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.895Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "net: mana: Fix TX CQE error handling", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ca9c54d2d6a5", "lessThan": "b67d7b1bfc46", "versionType": "git"}, {"status": "affected", "version": "ca9c54d2d6a5", "lessThan": "a910e0f63047", "versionType": "git"}, {"status": "affected", "version": "ca9c54d2d6a5", "lessThan": "b2b000069a4c", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/microsoft/mana/mana_en.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.13"}, {"status": "unaffected", "version": "0", "lessThan": "5.13", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.59", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.7", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/microsoft/mana/mana_en.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b67d7b1bfc46d05c1a58b172516454698e8d5004"}, {"url": "https://git.kernel.org/stable/c/a910e0f6304726da30a212feecec65cb97ff7a80"}, {"url": "https://git.kernel.org/stable/c/b2b000069a4c307b09548dc2243f31f3ca0eac9c"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix TX CQE error handling\n\nFor an unknown TX CQE error type (probably from a newer hardware),\nstill free the SKB, update the queue tail, etc., otherwise the\naccounting will be wrong.\n\nAlso, TX errors can be triggered by injecting corrupted packets, so\nreplace the WARN_ONCE to ratelimited error logging."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:41.943Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52532", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:48:41.943Z", "dateReserved": "2024-02-20T12:30:33.319Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:36.292Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "56DFEAAF-B938-46AB-9C90-219A4FFA60EF", "versionEndExcluding": "6.1.59", "versionStartIncluding": "5.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "830A824C-F212-4FDC-ADEF-0EBEC6B2365B", "versionEndExcluding": "6.5.7", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix TX CQE error handling\n\nFor an unknown TX CQE error type (probably from a newer hardware),\nstill free the SKB, update the queue tail, etc., otherwise the\naccounting will be wrong.\n\nAlso, TX errors can be triggered by injecting corrupted packets, so\nreplace the WARN_ONCE to ratelimited error logging."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mana: corrige el manejo de errores de TX CQE Para un tipo de error de TX CQE desconocido (probablemente de un hardware m\u00e1s nuevo), a\u00fan libere el SKB, actualice la cola de cola, etc.; de lo contrario, la contabilidad estar\u00e1 equivocada. Adem\u00e1s, los errores de TX pueden desencadenarse al inyectar paquetes corruptos, as\u00ed que reemplace WARN_ONCE para registrar errores con velocidad limitada."}], "id": "CVE-2023-52532", "lastModified": "2025-01-16T16:48:47.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-02T22:15:48.660", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a910e0f6304726da30a212feecec65cb97ff7a80"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b2b000069a4c307b09548dc2243f31f3ca0eac9c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b67d7b1bfc46d05c1a58b172516454698e8d5004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a910e0f6304726da30a212feecec65cb97ff7a80"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b2b000069a4c307b09548dc2243f31f3ca0eac9c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b67d7b1bfc46d05c1a58b172516454698e8d5004"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: mana: Fix TX CQE error handling", "id": "2267785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267785"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: mana: Fix TX CQE error handling\nFor an unknown TX CQE error type (probably from a newer hardware),\nstill free the SKB, update the queue tail, etc., otherwise the\naccounting will be wrong.\nAlso, TX errors can be triggered by injecting corrupted packets, so\nreplace the WARN_ONCE to ratelimited error logging."], "name": "CVE-2023-52532", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52532\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52532\nhttps://lore.kernel.org/linux-cve-announce/2024030255-CVE-2023-52532-57db@gregkh/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.59, kernel 6.5.7, kernel 6.6"}