CVE-2023-53272 - Vulnerability Details

Link	Providers
https://git.kernel.org/stable/c/0939c264729d4a081ff88efce2ffdf85dc5331e0
https://git.kernel.org/stable/c/1e760b2d18bf129b3da052c2946c02758e97d15e
https://git.kernel.org/stable/c/1e9cb763e9bacf0c932aa948f50dcfca6f519a26
https://git.kernel.org/stable/c/3e36cc94d6e60a27f27498adf1c71eeba769ab33
https://git.kernel.org/stable/c/90947ebf8794e3c229fb2e16e37f1bfea6877f14

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances occasionally reset. Once recently logged a UBSAN failure to console in the process: UBSAN: shift-out-of-bounds in build/linux/drivers/net/ethernet/amazon/ena/ena_com.c:540:13 shift exponent 32 is too large for 32-bit type 'unsigned int' CPU: 28 PID: 70012 Comm: kworker/u72:2 Kdump: loaded not tainted 5.15.117 Hardware name: Amazon EC2 c5d.9xlarge/, BIOS 1.0 10/16/2017 Workqueue: ena ena_fw_reset_device [ena] Call Trace: <TASK> dump_stack_lvl+0x4a/0x63 dump_stack+0x10/0x16 ubsan_epilogue+0x9/0x36 __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e ? __const_udelay+0x43/0x50 ena_delay_exponential_backoff_us.cold+0x16/0x1e [ena] wait_for_reset_state+0x54/0xa0 [ena] ena_com_dev_reset+0xc8/0x110 [ena] ena_down+0x3fe/0x480 [ena] ena_destroy_device+0xeb/0xf0 [ena] ena_fw_reset_device+0x30/0x50 [ena] process_one_work+0x22b/0x3d0 worker_thread+0x4d/0x3f0 ? process_one_work+0x3d0/0x3d0 kthread+0x12a/0x150 ? set_kthread_struct+0x50/0x50 ret_from_fork+0x22/0x30 </TASK> Apparently, the reset delays are getting so large they can trigger a UBSAN panic. Looking at the code, the current timeout is capped at 5000us. Using a base value of 100us, the current code will overflow after (1<<29). Even at values before 32, this function wraps around, perhaps unintentionally. Cap the value of the exponent used for this backoff at (1<<16) which is larger than currently necessary, but large enough to support bigger values in the future.
Title		net: ena: fix shift-out-of-bounds in exponential backoff
References		https://git.kernel.org/stable/c/0939c264729d4a081ff88efce2ffdf85dc5331e0 https://git.kernel.org/stable/c/1e760b2d18bf129b3da052c2946c02758e97d15e https://git.kernel.org/stable/c/1e9cb763e9bacf0c932aa948f50dcfca6f519a26 https://git.kernel.org/stable/c/3e36cc94d6e60a27f27498adf1c71eeba769ab33 https://git.kernel.org/stable/c/90947ebf8794e3c229fb2e16e37f1bfea6877f14

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53272", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-09-16T08:05:12.516Z", "datePublished": "2025-09-16T08:07:01.589Z", "dateUpdated": "2025-09-16T08:07:01.589Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-09-16T08:07:01.589Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: fix shift-out-of-bounds in exponential backoff\n\nThe ENA adapters on our instances occasionally reset. Once recently\nlogged a UBSAN failure to console in the process:\n\n UBSAN: shift-out-of-bounds in build/linux/drivers/net/ethernet/amazon/ena/ena_com.c:540:13\n shift exponent 32 is too large for 32-bit type 'unsigned int'\n CPU: 28 PID: 70012 Comm: kworker/u72:2 Kdump: loaded not tainted 5.15.117\n Hardware name: Amazon EC2 c5d.9xlarge/, BIOS 1.0 10/16/2017\n Workqueue: ena ena_fw_reset_device [ena]\n Call Trace:\n <TASK>\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e\n ? __const_udelay+0x43/0x50\n ena_delay_exponential_backoff_us.cold+0x16/0x1e [ena]\n wait_for_reset_state+0x54/0xa0 [ena]\n ena_com_dev_reset+0xc8/0x110 [ena]\n ena_down+0x3fe/0x480 [ena]\n ena_destroy_device+0xeb/0xf0 [ena]\n ena_fw_reset_device+0x30/0x50 [ena]\n process_one_work+0x22b/0x3d0\n worker_thread+0x4d/0x3f0\n ? process_one_work+0x3d0/0x3d0\n kthread+0x12a/0x150\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x22/0x30\n </TASK>\n\nApparently, the reset delays are getting so large they can trigger a\nUBSAN panic.\n\nLooking at the code, the current timeout is capped at 5000us. Using a\nbase value of 100us, the current code will overflow after (1<<29). Even\nat values before 32, this function wraps around, perhaps\nunintentionally.\n\nCap the value of the exponent used for this backoff at (1<<16) which is\nlarger than currently necessary, but large enough to support bigger\nvalues in the future."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/amazon/ena/ena_com.c"], "versions": [{"version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f", "lessThan": "1e760b2d18bf129b3da052c2946c02758e97d15e", "status": "affected", "versionType": "git"}, {"version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f", "lessThan": "3e36cc94d6e60a27f27498adf1c71eeba769ab33", "status": "affected", "versionType": "git"}, {"version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f", "lessThan": "90947ebf8794e3c229fb2e16e37f1bfea6877f14", "status": "affected", "versionType": "git"}, {"version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f", "lessThan": "0939c264729d4a081ff88efce2ffdf85dc5331e0", "status": "affected", "versionType": "git"}, {"version": "4bb7f4cf60e38a00965d22aa5979ab143193d41f", "lessThan": "1e9cb763e9bacf0c932aa948f50dcfca6f519a26", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/amazon/ena/ena_com.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.188", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.121", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.40", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4.5", "lessThanOrEqual": "6.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.10.188"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.15.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.1.40"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.4.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "6.5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1e760b2d18bf129b3da052c2946c02758e97d15e"}, {"url": "https://git.kernel.org/stable/c/3e36cc94d6e60a27f27498adf1c71eeba769ab33"}, {"url": "https://git.kernel.org/stable/c/90947ebf8794e3c229fb2e16e37f1bfea6877f14"}, {"url": "https://git.kernel.org/stable/c/0939c264729d4a081ff88efce2ffdf85dc5331e0"}, {"url": "https://git.kernel.org/stable/c/1e9cb763e9bacf0c932aa948f50dcfca6f519a26"}], "title": "net: ena: fix shift-out-of-bounds in exponential backoff", "x_generator": {"engine": "bippy-1.2.0"}}}}

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object