CVE-2023-52906

🗓️ 21 Aug 2024 18:10:16Reported by redhat.comType

In Linux kernel, vulnerability resolved in net/sched: act_mpls due to an invalid combination of NLA_U32 attribute and NLA_VALIDATE_FUNCTION. This triggers a warning in nla_get_range_unsigned() when attribute validation fails

Reporter	Title	Published	Views	Family All 103
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2023-026 (ALASKERNEL-5.10-2023-026)	8 Feb 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2023-013 (ALASKERNEL-5.15-2023-013)	8 Feb 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2023-042 (ALASKERNEL-5.4-2023-042)	23 Feb 202300:00	–	nessus
Tenable Nessus	Photon OS 4.0: Linux PHSA-2021-4.0-0065	22 Jul 202100:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3190-1)	11 Sep 202400:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3209-1)	12 Sep 202400:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3483-1)	28 Sep 202400:00	–	nessus
Tenable Nessus	Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987031)	7 Oct 202500:00	–	nessus
Tenable Nessus	Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989355)	5 Nov 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-52906	5 Mar 202500:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-52906
lore	www.lore.kernel.org/linux-cve-announce/2024082114-CVE-2023-52906-7967@gregkh/T
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

27 Sep 2024 23:57Current

7.2High risk

Vulners AI Score7.2

CVSS 3.15.5

EPSS0.00022

CWE-20