CVE-2023-52834

atl1c: Work around the DMA RX overflow issue

Description

In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX overflow issue"). The alx and atl1c drivers had RX overflow error which was why a custom allocator was created to avoid certain addresses. The simpler workaround then created for alx driver, but not for atl1c due to lack of tester. Instead of using a custom allocator, check the allocated skb address and use skb_reserve() to move away from problematic 0x...fc0 address. Tested on AR8131 on Acer 4540.

N/A
CVSS
Severity:
EPSS 0.14%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c29a89b23f67ee592f4dee61f9d7efbf86d60315
https://git.kernel.org/stable/c/57e44ff9c2c9747b2b1a53556810b0e5192655d6
https://git.kernel.org/stable/c/54a6152da4993ec8e4b53dc3cf577f5a2c829afa
https://git.kernel.org/stable/c/32f08b7b430ee01ec47d730f961a3306c1c7b6fb
https://git.kernel.org/stable/c/86565682e9053e5deb128193ea9e88531bbae9cf

Frequently Asked Questions

What is the severity of CVE-2023-52834?
CVE-2023-52834 has not yet been assigned a CVSS score.
How to fix CVE-2023-52834?
To fix CVE-2023-52834, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52834 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52834 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52834?
CVE-2023-52834 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.