CVE-2023-52878

low-risk
Published 2024-05-21

In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a meaningful warning message and return with an error.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (10)

Mailing List https://git.kernel.org/stable/c/0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4
Mailing List https://git.kernel.org/stable/c/53c468008a7c9ca3f5fc985951f35ec2acae85bc
Mailing List https://git.kernel.org/stable/c/6411959c10fe917288cbb1038886999148560057
Mailing List https://git.kernel.org/stable/c/826120c9ba68f2d0dbae58e99013929c883d1444
Mailing List https://git.kernel.org/stable/c/8ab67da060157362b2e0926692c659808784708f
Mailing List https://git.kernel.org/stable/c/0d30931f1fa0fb893fb7d5dc32b6b7edfb775be4
Mailing List https://git.kernel.org/stable/c/53c468008a7c9ca3f5fc985951f35ec2acae85bc
Mailing List https://git.kernel.org/stable/c/6411959c10fe917288cbb1038886999148560057
Mailing List https://git.kernel.org/stable/c/826120c9ba68f2d0dbae58e99013929c883d1444
Mailing List https://git.kernel.org/stable/c/8ab67da060157362b2e0926692c659808784708f
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal