From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A413620DD3 for ; Tue, 26 Mar 2024 17:50:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711475419; cv=none; b=JIxSji119ysXvNV0ahlM+GmfCTWDpfJLZGDt1JAoKKhPF48BnxaCyxLJdKwlkTnfvvBDy2hptIeGM8+GLEONCDvB+bqCSOjAqArljf6GA8aw7h0TPyh/9UpK8IAa2WG7zF4wLaZ0hb2QPFq7cyItZcR2Xm2sVbimddx98Kx0iCM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711475419; c=relaxed/simple; bh=MMZDgBQxa8xh+CyibRdwYNFd1lUsJPJFapIICmO9hRE=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=qL/B1xJkX4gFkFFsLhj7Xr48IDghNPmXAwt1h29Vszi+JyexkA7bOAAq1oX+Ylz1JZ4k+2zLktwLEnx9UDGqAO0gvww8Q22Su3DiODF4NUQEeKWbKfRGt7B+nIvRCQlfCUzxLXzDFFMJZ6L4yS08m5jADtkRyOFUH1yWNY+MAfM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=EZSxQi4Z; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="EZSxQi4Z" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9579EC43390; Tue, 26 Mar 2024 17:50:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711475419; bh=MMZDgBQxa8xh+CyibRdwYNFd1lUsJPJFapIICmO9hRE=; h=From:To:Cc:Subject:Date:Reply-to:From; b=EZSxQi4Z25d9dfhV0cfLLGgieu+Tg3W2MeVe1KjlW3KhKfriU4wcCfQLsGKDCFfhA Je8cWqA/aGx4Xk663UE8kK3MMcyqKbglGCa0W3Ywq3quFeWOqaGq40vgUNsCf6fVyU APwawbPuDLbCk6RO9Up6KDgf7sIj66FgMRwXy1MoAzscalSn1G0EWHkbF3F37lBUlW 2fNJ7IkF2WhBJw306LTu1LTajHT+QNoD1Ul2ztmCyyLYfNe7LhNYWRm2YVjkh06S4c 9MOznCf5yOoC3/aejK75c0nBTr+fhPa7O1EwPN39IcF6xQWMSHx9JXxVXJIlMh2ogI seaZVWbDqF7gg== From: Lee Jones To: linux-cve-announce@vger.kernel.org Cc: Lee Jones Subject: CVE-2023-52626: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Date: Tue, 26 Mar 2024 17:50:10 +0000 Message-ID: <20240326175007.1388794-12-lee@kernel.org> X-Mailer: git-send-email 2.44.0.396.g6e790dbe36-goog Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Reply-to: , X-Developer-Signature: v=1; a=openpgp-sha256; l=2184; i=lee@kernel.org; h=from:subject; bh=MMZDgBQxa8xh+CyibRdwYNFd1lUsJPJFapIICmO9hRE=; b=owEBbQKS/ZANAwAKAVGvii+H/HdhAcsmYgBmAwrQIZpd6+FBTztk8rmeXMdy5PHA6TdR5LmUH QgavwABhSOJAjMEAAEKAB0WIQR2tsk1o74gmpTwh0hRr4ovh/x3YQUCZgMK0AAKCRBRr4ovh/x3 YZVDD/99fU+Dx1GUrvE5igbHbp47mdaCLPHTnYl6IMPwkgIwFbnP9U5FfiXtD+4ZcPSkVamikoe fnRCIrdheZiJbF9YNAkIpJ0Qs7ars/shQ/hNFhViU68QYLbypIJX9A7XUGDVkFPM3ADqOIwHJ/L bwL8msXF/V+po5wXl8WWsLsN6yRiyRophyvh4JsHlmNbz7WSEpYyby5bGqP8Hh+JtJY1SSqMKZp Lwd4pmNrqr5Xll+NIP47TGBUUAZ7hYarwkxw5bDWk6JT8uXZSFrDWI0NFX05F+pIR4cMLYUsJ8Y JdUAp/Bgwyb89TK548pqLLUMoUS/5VlgzjtEKDiMaMAbJxZckondYD3J4uO0+wKCRn48P/BIeUg Bwrdh4WR7+5FfHGaWXI8DrIFZ5SDhpjpTgAf76/IWUTIOhMAxZxxv8371Qh8+alXBIJqp93dAE6 bZVVPlRKwYMCTxVTrUqr+LjUXweGqksVE9Ns+jhILg75PhVoLkPe9odSaJy/Ix5SDbsfRYuHu1h q1R+Zd+bUcEsLS3kM/jold3Orr424yg5cfCE9lmi+UlEwrizlOLe99/2t0r9wvOqhMhsaP/3N9r lVYuV8EHL5BhFtfl4p1j7sq7UljFBJBh9mO7CwCRroz82W2udM93Cd332lUrvnjjD5dd1Zx5jAQ PsJKVgzyVgVJW4g== X-Developer-Key: i=lee@kernel.org; a=openpgp; fpr=76B6C935A3BE209A94F0874851AF8A2F87FC7761 Content-Transfer-Encoding: 8bit Description =========== In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Indirection (*) is of lower precedence than postfix increment (++). Logic in napi_poll context would cause an out-of-bound read by first increment the pointer address by byte address space and then dereference the value. Rather, the intended logic was to dereference first and then increment the underlying value. The Linux kernel CVE team has assigned CVE-2023-52626 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6.3 with commit e5d30f7da357 and fixed in 6.6.15 with commit 40e0d0746390 Issue introduced in 6.7 with commit 92214be5979c and fixed in 6.7.3 with commit 33cdeae8c6fb Issue introduced in 6.7 with commit 92214be5979c and fixed in 6.8 with commit 3876638b2c7e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52626 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/40e0d0746390c5b0c31144f4f1688d72f3f8d790 https://git.kernel.org/stable/c/33cdeae8c6fb58cc445f859b67c014dc9f60b4e0 https://git.kernel.org/stable/c/3876638b2c7ebb2c9d181de1191db0de8cac143a