CVE-2023-52616

crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this issue was ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will be triggered when calculating the Za value for SM2 separately.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0c3687822259a7628c85cd21a3445cbe3c367165 patch mailing list
https://git.kernel.org/stable/c/2bb86817b33c9d704e127f92b838035a72c315b6 patch mailing list
https://git.kernel.org/stable/c/bb44477d4506e52785693a39f03cdc6a2c5e8598 patch mailing list
https://git.kernel.org/stable/c/7ebf812b7019fd2d4d5a7ca45ef4bf3a6f4bda0a patch mailing list
https://git.kernel.org/stable/c/7abdfd45a650c714d5ebab564bb1b988f14d9b49 patch mailing list
https://git.kernel.org/stable/c/ba3c5574203034781ac4231acf117da917efcd2a patch mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list

Frequently Asked Questions

What is the severity of CVE-2023-52616?
CVE-2023-52616 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52616?
To fix CVE-2023-52616, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52616 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52616 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52616?
CVE-2023-52616 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.