CVE-2023-53495

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() rules is allocated in ethtool_get_rxnfc and the size is determined by rule_cnt from user space. So rule_cnt needs to be check before using rules to avoid OOB writing or NULL pointer dereference.

References

https://git.kernel.org/stable/c/ba6673824efa3dc198b04a54e69dce480066d7d9

https://git.kernel.org/stable/c/625b70d31dd4df4b96b3ddcbe251debb33bd67f5

https://git.kernel.org/stable/c/61054a8ddb176b155a8f2bacdfefb3727187f5d9

https://git.kernel.org/stable/c/5bb09dddc724c5f7c4dc6dd3bfebd685eecd93e8

https://git.kernel.org/stable/c/51fe0a470543f345e3c62b6798929de3ddcedc1d

https://git.kernel.org/stable/c/349638f7e5d3c7d328565587bb7b0454bbee02e2

Details

Source: Mitre, NVD

Published: 2025-10-01

Updated: 2025-10-02

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024