CVE-2023-52606: powerpc/lib: Validate size for vector operations
First published: Wed Mar 06 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.19.307 | 4.19.307 |
| redhat/kernel | <5.4.269 | 5.4.269 |
| redhat/kernel | <5.10.210 | 5.10.210 |
| redhat/kernel | <5.15.149 | 5.15.149 |
| redhat/kernel | <6.1.77 | 6.1.77 |
| redhat/kernel | <6.6.16 | 6.6.16 |
| redhat/kernel | <6.7.4 | 6.7.4 |
| redhat/kernel | <6.8 | 6.8 |
| Linux Kernel | <4.19.307 | |
| Linux Kernel | >=4.20<5.4.269 | |
| Linux Kernel | >=5.5<5.10.210 | |
| Linux Kernel | >=5.11<5.15.149 | |
| Linux Kernel | >=5.16<6.1.77 | |
| Linux Kernel | >=6.2<6.6.16 | |
| Linux Kernel | >=6.7<6.7.4 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf
- https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c
- https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414
- https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd
- https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59
- https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e
- https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678
- https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b
- https://launchpad.net/bugs/cve/CVE-2023-52606
- https://access.redhat.com/security/cve/CVE-2023-52606
- https://lore.kernel.org/linux-cve-announce/2024030647-CVE-2023-52606-fdcc@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2268294
- https://access.redhat.com/errata/RHSA-2024:3618
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2268293
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52606
- https://nvd.nist.gov/vuln/detail/CVE-2023-52606
- https://security-tracker.debian.org/tracker/CVE-2023-52606
- https://ubuntu.com/security/CVE-2023-52606
- https://git.kernel.org/linus/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-52606?
CVE-2023-52606 is rated as a high severity vulnerability affecting the Linux kernel's vector operations.
How do I fix CVE-2023-52606?
To fix CVE-2023-52606, update your Linux kernel to one of the remedied versions such as 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16, 6.7.4, or 6.8.
Which Linux kernel versions are affected by CVE-2023-52606?
CVE-2023-52606 affects various 4.x, 5.x, and 6.x versions of the Linux kernel prior to the patches including 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16, and later versions.
What types of systems are vulnerable to CVE-2023-52606?
Systems running vulnerable versions of the Linux kernel, particularly those utilizing powerpc architecture, are at risk from CVE-2023-52606.
Is there a public fix available for CVE-2023-52606?
Yes, public fixes are available in the form of updated kernel versions that address the vulnerabilities outlined in CVE-2023-52606.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-52606
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/weakness
- agent/severity
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- package-manager/debian
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2