CVE-2023-53010

MEDIUM EPSS 7.3%
Published Mar 27, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow in strnlen [...] Call Trace: bnxt_ethtool_init.cold+0x18/0x18 Refactor struct hwrm_selftest_qlist_output to use an actual array, and adjust the concatenation to use snprintf() rather than a series of strncat() calls.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
7.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥4.12  –  <6.1.9
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/cefa85480ac99c0bef5a09daadb48d65fc28e279
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3e599c090fc6977331150c5f0a69ab8ce87da21
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/cefa85480ac99c0bef5a09daadb48d65fc28e279
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3e599c090fc6977331150c5f0a69ab8ce87da21
    Patch