CVE-2023-52669

crypto: s390/aes - Fix buffer overread in CTR mode

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the actual length left and copy it into a buffer first for processing.

N/A
CVSS
Severity:
EPSS 0.20%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79
https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285
https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23
https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e
https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874
https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Frequently Asked Questions

What is the severity of CVE-2023-52669?
CVE-2023-52669 has not yet been assigned a CVSS score.
How to fix CVE-2023-52669?
To fix CVE-2023-52669, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52669 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52669 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52669?
CVE-2023-52669 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.