NVD

CVE-2023-52606 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678	CVE, kernel.org	Mailing List Patch
https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b	CVE, kernel.org	Mailing List Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html	CVE	Mailing List Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-770	Allocation of Resources Without Limits or Throttling	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

9 change records found show changes

CVE Modified by kernel.org 6/17/2026 2:43:08 AM

Action

Type

Old Value

New Value

Added

Affected

Record truncated, showing 2048 of 2458 characters.
View Entire Change Record

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/powerpc/lib/sstep.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c22435a5f3d8f85ea162ae523a6ba60a58521ba5","lessThan":"42084a428a139f1a429f597d44621e3a18f3e414","versionType":"git","status":"affected"},{"version":"c22435a5f3d8f85ea162ae523a6ba60a58521ba5","lessThan":"0580f4403ad33f379eef865c2a6fe94de37febdf","versionType":"git","status":"affected"},{"version":"c22435a5f3d8f85ea162ae523a6ba60a58521ba5","lessThan":"beee482cc4c9a6b1dcffb2e190b4fd8782258678","versionType":"git","status":"affected"},{"version":"c22435a5f3d8f85ea162ae523a6ba60a58521ba5","lessThan":"de4f5ed63b8a199704d8cdcbf810309d7eb4b36b","versionType":"git","status":"affected"},{"version":"c22435a5f3d8f85ea162ae523a6ba60a58521ba5","lessThan":"abd26515d4b767ba48241eea77b28ce0872aef3e","versionType":"git","status":"affected"},{"version":"c22435a5f3d8f85ea162ae523a6ba60a58521ba5","lessThan":"28b8ba8eebf26f66d9f2df4ba550b6b3b136082c","versionType":"git","status":"affected"},{"version":"c22435a5f3d8f85ea162ae523a6ba60a58521ba5","lessThan":"848e1d7fd710900397e1d0e7584680c1c04e3afd","versionType":"git","status":"affected"},{"version":"c22435a5f3d8f85ea162ae523a6ba60a58521ba5","lessThan":"8f9abaa6d7de0a70fc68acaedce290c1f96e2e59","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/powerpc/lib/sstep.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.14","status":"affected"},{"version":"0","lessThan":"4.14","versionType":"semver","status":"unaffected"},{"version":"4.19.307","lessThanOrEqual":"4.19.*","versionType":"semver","status":"unaffected"},{"version":"5.4.269","lessThanOrEqual":"5.4.*","versionType":"semver","status":"unaffected"},{"version":"5.10.210","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.149","lessThanOrEqual":"5.15.*","versionType":"

Initial Analysis by NIST 2/14/2025 11:40:45 AM

CVE Modified by CVE 11/21/2024 3:40:10 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf
Added	Reference	https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c
Added	Reference	https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414
Added	Reference	https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd
Added	Reference	https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59
Added	Reference	https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e
Added	Reference	https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678
Added	Reference	https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b
Added	Reference	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

New CVE Received from kernel.org 3/06/2024 2:15:11 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption.
Added	Reference	Linux https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2023-52606
NVD Published Date:
03/06/2024
NVD Last Modified:
06/17/2026
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2023-52606 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CISA-ADP 6/17/2026 2:43:08 AM

CVE Modified by kernel.org 6/17/2026 2:43:08 AM

Initial Analysis by NIST 2/14/2025 11:40:45 AM

CVE Modified by CVE 11/21/2024 3:40:10 AM

CVE Modified by kernel.org 11/04/2024 8:16:40 AM

CVE Modified by kernel.org 6/25/2024 7:15:22 PM

CVE Modified by kernel.org 5/29/2024 2:15:42 AM

CVE Modified by kernel.org 5/14/2024 10:22:57 AM

New CVE Received from kernel.org 3/06/2024 2:15:11 AM

Quick Info