CVE-2023-53034

ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans

Description

In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ================================================================================ [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7 [ 23.734418] shift exponent -1 is negative Ensuring xlate_pos is a positive or zero before BIT.

N/A
CVSS
Severity:
EPSS 0.08%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f56951f211f181410a383d305e8d370993e45294
https://git.kernel.org/stable/c/5b6857bb3bfb0dae17fab1e42c1e82c204a508b1
https://git.kernel.org/stable/c/2429bdf26a0f3950fdd996861e9c1a3873af1dbe
https://git.kernel.org/stable/c/7ed22f8d8be26225a78cf5e85b2036421a6bf2d5
https://git.kernel.org/stable/c/c61a3f2df162ba424be0141649a9ef5f28eaccc1
https://git.kernel.org/stable/c/cb153bdc1812a3375639ed6ca5f147eaefb65349
https://git.kernel.org/stable/c/36d32cfb00d42e865396424bb5d340fc0a28870d
https://git.kernel.org/stable/c/0df2e03e4620548b41891b4e0d1bd9d2e0d8a39a
https://git.kernel.org/stable/c/de203da734fae00e75be50220ba5391e7beecdf9

Frequently Asked Questions

What is the severity of CVE-2023-53034?
CVE-2023-53034 has not yet been assigned a CVSS score.
How to fix CVE-2023-53034?
To fix CVE-2023-53034, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-53034 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-53034 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-53034?
CVE-2023-53034 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.