References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.16.12

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST CWE-125

https://git.kernel.org/stable/c/0aec12d97b2036af0946e3d582144739860ac07b No Types Assigned

https://git.kernel.org/stable/c/0aec12d97b2036af0946e3d582144739860ac07b Patch

https://git.kernel.org/stable/c/4ad319cdfbe555b4ff67bc608736c46a6930c848 No Types Assigned

https://git.kernel.org/stable/c/4ad319cdfbe555b4ff67bc608736c46a6930c848 Patch

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte

When adding a rule with 32 destinations, we hit the following out-of-band
access issue:

  BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70

This patch fixes the issue by both increasing the allocated buffers to
accommodate for the needed actions and by checking the number of actions
to prevent this issue when a rule with too many actions is p

kernel.org https://git.kernel.org/stable/c/0aec12d97b2036af0946e3d582144739860ac07b [No types assigned]

kernel.org https://git.kernel.org/stable/c/4ad319cdfbe555b4ff67bc608736c46a6930c848 [No types assigned]