CVE-2023-52878

MEDIUM5.5

can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds

Published May 21, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds

If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message and return with an error.

References

WEBhttps://git.kernel.org/stable/c/0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4 WEBhttps://git.kernel.org/stable/c/53c468008a7c9ca3f5fc985951f35ec2acae85bc WEBhttps://git.kernel.org/stable/c/6411959c10fe917288cbb1038886999148560057 WEBhttps://git.kernel.org/stable/c/826120c9ba68f2d0dbae58e99013929c883d1444 WEBhttps://git.kernel.org/stable/c/8ab67da060157362b2e0926692c659808784708f ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-52878

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMay 21, 2024

ModifiedMay 4, 2025

CVE-2023-52878 | Mondoo Vulnerability Intelligence