CVE-2023-53661

high

Description

In the Linux kernel, the following vulnerability has been resolved: bnxt: avoid overflow in bnxt_get_nvram_directory(). The value of an arithmetic expression is subject to possible overflow due to a failure to cast operands to a larger data type before performing arithmetic. Used a macro for multiplication instead of the operator to avoid overflow. Found by Security Code and Linux Verification Center (linuxtesting.org) with SVACE.

References

https://git.kernel.org/stable/c/efb1a257513438d43f4335f09b2f684e8167cad2

https://git.kernel.org/stable/c/d5eaf2a6b077f32a477feb1e9e1c1f60605b460e

https://git.kernel.org/stable/c/7c6dddc239abe660598c49ec95ea0ed6399a4b2a

https://git.kernel.org/stable/c/17e0453a7523ad7a25bb47af941b150a6c66d7b6

Details

Source: Mitre, NVD

Published: 2025-10-07

Updated: 2025-10-08

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018