CVE-2023-52834

high

Published 2024-11-12 · Modified 2024-08-08

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX overflow issue"). The alx and atl1c drivers had RX overflow error which was why a custom allocator was created to avoid certain addresses. The simpler workaround then created for alx driver, but not for atl1c due to lack of tester. Instead of using a custom allocator, check the allocated skb address and use skb_reserve() to move away from problematic 0x...fc0 address. Tested on AR8131 on Acer 4540.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description kernel: atl1c: Work around the DMA RX overflow issue CVSS v3: 4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:51022024-08-08T00:00:00Z Red Hat Enterprise Linux 8kernel-0:4.18.0-553.16.1.el8_10RHSA-2024:51012024-08-08T00:00:00Z Red Hat Enterprise Linux…

Description

kernel: atl1c: Work around the DMA RX overflow issue

CVSS v3: 4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10`	RHSA-2024:5102	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8	`kernel-0:4.18.0-553.16.1.el8_10`	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-503.11.1.el9_5`	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-503.11.1.el9_5`	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`kernel-0:5.14.0-427.76.1.el9_4`	RHSA-2025:10701	2025-07-09T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`kernel`	Not affected
Red Hat Enterprise Linux 7	`kernel`	Out of support scope
Red Hat Enterprise Linux 7	`kernel-rt`	Out of support scope
Red Hat Enterprise Linux 9	`kernel-rt`	Affected

Apply commands

bash fix

Apply RHSA-2024:5102 for Red Hat Enterprise Linux 8

yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Affected`

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Mixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`6.5.13-1`
sid	Fixed	`6.5.13-1`
forky	Fixed	`6.5.13-1`
bullseye	Affected	—
bookworm	Fixed	`6.1.64-1`

AlmaLinux Fixed 1 release

Version	Status	Fixed in
8	Fixed	`kernel-doc-4.18.0-553.16.1.el8_10.noarch.rpm`

Red Hat Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Rocky Linux Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.