{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52834", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.252Z", "datePublished": "2024-05-21T15:31:35.575Z", "dateUpdated": "2024-08-02T23:11:36.046Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:18:06.456Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natl1c: Work around the DMA RX overflow issue\n\nThis is based on alx driver commit 881d0327db37 (\"net: alx: Work around\nthe DMA RX overflow issue\").\n\nThe alx and atl1c drivers had RX overflow error which was why a custom\nallocator was created to avoid certain addresses. The simpler workaround\nthen created for alx driver, but not for atl1c due to lack of tester.\n\nInstead of using a custom allocator, check the allocated skb address and\nuse skb_reserve() to move away from problematic 0x...fc0 address.\n\nTested on AR8131 on Acer 4540."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/atheros/atl1c/atl1c.h", "drivers/net/ethernet/atheros/atl1c/atl1c_main.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "c29a89b23f67", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "57e44ff9c2c9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "54a6152da499", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "32f08b7b430e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "86565682e905", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/atheros/atl1c/atl1c.h", "drivers/net/ethernet/atheros/atl1c/atl1c_main.c"], "versions": [{"version": "5.15.140", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.64", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.5.13", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.3", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315"}, {"url": "https://git.kernel.org/stable/c/57e44ff9c2c9747b2b1a53556810b0e5192655d6"}, {"url": "https://git.kernel.org/stable/c/54a6152da4993ec8e4b53dc3cf577f5a2c829afa"}, {"url": "https://git.kernel.org/stable/c/32f08b7b430ee01ec47d730f961a3306c1c7b6fb"}, {"url": "https://git.kernel.org/stable/c/86565682e9053e5deb128193ea9e88531bbae9cf"}], "title": "atl1c: Work around the DMA RX overflow issue", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52834", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:09:31.471989Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:26.205Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:36.046Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/57e44ff9c2c9747b2b1a53556810b0e5192655d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/54a6152da4993ec8e4b53dc3cf577f5a2c829afa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/32f08b7b430ee01ec47d730f961a3306c1c7b6fb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/86565682e9053e5deb128193ea9e88531bbae9cf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/57e44ff9c2c9747b2b1a53556810b0e5192655d6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/54a6152da4993ec8e4b53dc3cf577f5a2c829afa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/32f08b7b430ee01ec47d730f961a3306c1c7b6fb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/86565682e9053e5deb128193ea9e88531bbae9cf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:36.046Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52834", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:09:31.471989Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.372Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "atl1c: Work around the DMA RX overflow issue", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "c29a89b23f67", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "57e44ff9c2c9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "54a6152da499", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "32f08b7b430e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "86565682e905", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/atheros/atl1c/atl1c.h", "drivers/net/ethernet/atheros/atl1c/atl1c_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.140", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.64", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.13", "versionType": "custom", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.3", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/atheros/atl1c/atl1c.h", "drivers/net/ethernet/atheros/atl1c/atl1c_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315"}, {"url": "https://git.kernel.org/stable/c/57e44ff9c2c9747b2b1a53556810b0e5192655d6"}, {"url": "https://git.kernel.org/stable/c/54a6152da4993ec8e4b53dc3cf577f5a2c829afa"}, {"url": "https://git.kernel.org/stable/c/32f08b7b430ee01ec47d730f961a3306c1c7b6fb"}, {"url": "https://git.kernel.org/stable/c/86565682e9053e5deb128193ea9e88531bbae9cf"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natl1c: Work around the DMA RX overflow issue\n\nThis is based on alx driver commit 881d0327db37 (\"net: alx: Work around\nthe DMA RX overflow issue\").\n\nThe alx and atl1c drivers had RX overflow error which was why a custom\nallocator was created to avoid certain addresses. The simpler workaround\nthen created for alx driver, but not for atl1c due to lack of tester.\n\nInstead of using a custom allocator, check the allocated skb address and\nuse skb_reserve() to move away from problematic 0x...fc0 address.\n\nTested on AR8131 on Acer 4540."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:18:06.456Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52834", "state": "PUBLISHED", "dateUpdated": "2024-08-02T23:11:36.046Z", "dateReserved": "2024-05-21T15:19:24.252Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:31:35.575Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natl1c: Work around the DMA RX overflow issue\n\nThis is based on alx driver commit 881d0327db37 (\"net: alx: Work around\nthe DMA RX overflow issue\").\n\nThe alx and atl1c drivers had RX overflow error which was why a custom\nallocator was created to avoid certain addresses. The simpler workaround\nthen created for alx driver, but not for atl1c due to lack of tester.\n\nInstead of using a custom allocator, check the allocated skb address and\nuse skb_reserve() to move away from problematic 0x...fc0 address.\n\nTested on AR8131 on Acer 4540."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atl1c:workaround al problema de desbordamiento de DMA RX. Esto se basa en la confirmaci\u00f3n del controlador alx 881d0327db37 (\"net: alx: soluci\u00f3n alternativa al problema de desbordamiento de DMA RX\"). Los controladores alx y atl1c ten\u00edan un error de desbordamiento de RX, por lo que se cre\u00f3 un asignador personalizado para evitar ciertas direcciones. Luego se cre\u00f3 la soluci\u00f3n m\u00e1s simple para el controlador alx, pero no para atl1c debido a la falta de un probador. En lugar de utilizar un asignador personalizado, verifique la direcci\u00f3n skb asignada y use skb_reserve() para alejarse de la direcci\u00f3n problem\u00e1tica 0x...fc0. Probado en AR8131 en Acer 4540."}], "id": "CVE-2023-52834", "lastModified": "2024-05-21T16:53:56.550", "metrics": {}, "published": "2024-05-21T16:15:20.950", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/32f08b7b430ee01ec47d730f961a3306c1c7b6fb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/54a6152da4993ec8e4b53dc3cf577f5a2c829afa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/57e44ff9c2c9747b2b1a53556810b0e5192655d6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/86565682e9053e5deb128193ea9e88531bbae9cf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}], "bugzilla": {"description": "kernel: atl1c: Work around the DMA RX overflow issue", "id": "2282744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282744"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\natl1c: Work around the DMA RX overflow issue\nThis is based on alx driver commit 881d0327db37 (\"net: alx: Work around\nthe DMA RX overflow issue\").\nThe alx and atl1c drivers had RX overflow error which was why a custom\nallocator was created to avoid certain addresses. The simpler workaround\nthen created for alx driver, but not for atl1c due to lack of tester.\nInstead of using a custom allocator, check the allocated skb address and\nuse skb_reserve() to move away from problematic 0x...fc0 address.\nTested on AR8131 on Acer 4540."], "name": "CVE-2023-52834", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52834\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52834\nhttps://lore.kernel.org/linux-cve-announce/2024052109-CVE-2023-52834-4c46@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.140, kernel 6.1.64, kernel 6.5.13, kernel 6.6.3, kernel 6.7"}