{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52996", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-03-27T16:40:15.742Z", "datePublished": "2025-03-27T16:43:30.547Z", "dateUpdated": "2025-05-04T07:47:10.247Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:47:10.247Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: prevent potential spectre v1 gadget in fib_metrics_match()\n\nif (!type)\n continue;\n if (type > RTAX_MAX)\n return false;\n ...\n fi_val = fi->fib_metrics->metrics[type - 1];\n\n@type being used as an array index, we need to prevent\ncpu speculation or risk leaking kernel memory content."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/fib_semantics.c"], "versions": [{"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "8f0eb24f1a7a60ce635f0d757a46f1a37a4d467d", "status": "affected", "versionType": "git"}, {"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "7f9828fb1f688210e681268490576f0ca65c322a", "status": "affected", "versionType": "git"}, {"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "ca3cf947760de050d558293002ad3e7f4b8745d2", "status": "affected", "versionType": "git"}, {"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "f9753ebd61be2d957b5504cbd3fd719674f05b7a", "status": "affected", "versionType": "git"}, {"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "5e9398a26a92fc402d82ce1f97cc67d832527da0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/fib_semantics.c"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.231", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.166", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.91", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.9", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.4.231"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.10.166"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.15.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.1.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8f0eb24f1a7a60ce635f0d757a46f1a37a4d467d"}, {"url": "https://git.kernel.org/stable/c/7f9828fb1f688210e681268490576f0ca65c322a"}, {"url": "https://git.kernel.org/stable/c/ca3cf947760de050d558293002ad3e7f4b8745d2"}, {"url": "https://git.kernel.org/stable/c/f9753ebd61be2d957b5504cbd3fd719674f05b7a"}, {"url": "https://git.kernel.org/stable/c/5e9398a26a92fc402d82ce1f97cc67d832527da0"}], "title": "ipv4: prevent potential spectre v1 gadget in fib_metrics_match()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "76F43E31-4688-4501-9F94-6BC3456EECDA", "versionEndExcluding": "5.4.231", "versionStartIncluding": "4.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A44D9D24-661C-40D4-8735-4CEB1C7C02F2", "versionEndExcluding": "5.10.166", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "91C2E92D-CC25-4FBD-8824-56A148119D7E", "versionEndExcluding": "5.15.91", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED5B6045-B1D2-4E03-B194-9005A351BCAE", "versionEndExcluding": "6.1.9", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "FF501633-2F44-4913-A8EE-B021929F49F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "2BDA597B-CAC1-4DF0-86F0-42E142C654E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "725C78C9-12CE-406F-ABE8-0813A01D66E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "A127C155-689C-4F67-B146-44A57F4BFD85", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D34127CC-68F5-4703-A5F6-5006F803E4AE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: prevent potential spectre v1 gadget in fib_metrics_match()\n\nif (!type)\n continue;\n if (type > RTAX_MAX)\n return false;\n ...\n fi_val = fi->fib_metrics->metrics[type - 1];\n\n@type being used as an array index, we need to prevent\ncpu speculation or risk leaking kernel memory content."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv4: evitar un potencial gadget spectre v1 en fib_metrics_match() if (!type) continue; if (type > RTAX_MAX) return false; ... fi_val = fi->fib_metrics->metrics[type - 1]; @type se utiliza como un \u00edndice de matriz, debemos evitar la especulaci\u00f3n de la CPU o corremos el riesgo de filtrar el contenido de la memoria del kernel."}], "id": "CVE-2023-52996", "lastModified": "2025-10-30T16:40:28.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-27T17:15:48.310", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5e9398a26a92fc402d82ce1f97cc67d832527da0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7f9828fb1f688210e681268490576f0ca65c322a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8f0eb24f1a7a60ce635f0d757a46f1a37a4d467d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ca3cf947760de050d558293002ad3e7f4b8745d2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f9753ebd61be2d957b5504cbd3fd719674f05b7a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ipv4: prevent potential spectre v1 gadget in fib_metrics_match()", "id": "2355438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355438"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "status": "draft"}, "cwe": "CWE-200", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nipv4: prevent potential spectre v1 gadget in fib_metrics_match()\nif (!type)\ncontinue;\nif (type > RTAX_MAX)\nreturn false;\n...\nfi_val = fi->fib_metrics->metrics[type - 1];\n@type being used as an array index, we need to prevent\ncpu speculation or risk leaking kernel memory content.", "A flaw was found in the fib_metrics_match function in the net/ipv4/fib_semantics.c file in the Linux kernel, which contains source code that can lead to CPU speculation or risk leaking kernel memory content. Specifically, this vulnerability can allows an attacker to exploit a Spectre v1 gadget attack."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52996", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52996\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52996\nhttps://lore.kernel.org/linux-cve-announce/2025032710-CVE-2023-52996-7c1f@gregkh/T"], "statement": "Red Hat Product Security has rated this update with a security impact of Moderate. All Red Hat products are being evaluated for impact and Red Hat will work with the Linux community to analyze and correct any issues found. Successful exploitation of this flaw requires the attacker to have advanced knowledge of the software versions used on the system. For additional information about this flaw including possible mitigations please refer to: https://access.redhat.com/solutions/3545361", "threat_severity": "Moderate"}

{"created": "2025-07-12T22:45:04.873606+00:00", "updated": "2025-07-12T22:45:04.873672+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}