CVE-2023-53019

Description

In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore validate addr before using it.

Reserved 2025-03-27 | Published 2025-03-27 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

7f854420fbfe9d49afe2ffb1df052cfe8e215541 before 1d80c259dfbadefa61b7ea334dfce5cb57f8c72f
affected

7f854420fbfe9d49afe2ffb1df052cfe8e215541 before c431a3d642593bbdb99e8a9e3eed608b730db6f8
affected

7f854420fbfe9d49afe2ffb1df052cfe8e215541 before 8a7b9560a3a8eb8724888c426e05926752f73aa0
affected

7f854420fbfe9d49afe2ffb1df052cfe8e215541 before 4bc5f1f6bc94e695dfd912122af96e7115a0ddb8
affected

7f854420fbfe9d49afe2ffb1df052cfe8e215541 before ad67de330d83e8078372b52af18ffe8d39e26c85
affected

7f854420fbfe9d49afe2ffb1df052cfe8e215541 before 7879626296e6ffd838ae0f2af1ab49ee46354973
affected

7f854420fbfe9d49afe2ffb1df052cfe8e215541 before 867dbe784c5010a466f00a7d1467c1c5ea569c75
affected

Default status
affected

4.5
affected

Any version before 4.5
unaffected

4.14.305
unaffected

4.19.272
unaffected

5.4.231
unaffected

5.10.166
unaffected

5.15.91
unaffected

6.1.9
unaffected

6.2
unaffected

References

git.kernel.org/...c/1d80c259dfbadefa61b7ea334dfce5cb57f8c72f

git.kernel.org/...c/c431a3d642593bbdb99e8a9e3eed608b730db6f8

git.kernel.org/...c/8a7b9560a3a8eb8724888c426e05926752f73aa0

git.kernel.org/...c/4bc5f1f6bc94e695dfd912122af96e7115a0ddb8

git.kernel.org/...c/ad67de330d83e8078372b52af18ffe8d39e26c85

git.kernel.org/...c/7879626296e6ffd838ae0f2af1ab49ee46354973

git.kernel.org/...c/867dbe784c5010a466f00a7d1467c1c5ea569c75

cve.org (CVE-2023-53019)

nvd.nist.gov (CVE-2023-53019)

Download JSON