{ "threat_severity" : "Moderate", "public_date" : "2025-04-16T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel: Information disclosure and denial of service in ntb_hw_switchtec module", "id" : "2360239", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2360239" }, "cvss3" : { "cvss3_base_score" : "6.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-125", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans\nThere is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and\nsize. This would make xlate_pos negative.\n[ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000\n[ 23.734158] ================================================================================\n[ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7\n[ 23.734418] shift exponent -1 is negative\nEnsuring xlate_pos is a positive or zero before BIT.", "A flaw was found in the Linux kernel. A local user could exploit a shift-out-of-bounds vulnerability within the `ntb_hw_switchtec` module. This vulnerability arises when the `ntb_mw_clear_trans()` application programming interface (API) processes zero values for address and size, leading to an invalid memory access. Successful exploitation could result in information disclosure and denial of service." ], "statement" : "MODERATE: A shift-out-of-bounds vulnerability was observed in switchtec_ntb_mw_set_trans in drivers/ntb/hw/mscc/ntb_hw_switchtec.c in the Linux Kernel. This flaw may allow a local attacker with a user account on the system to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-02-16T00:00:00Z", "advisory" : "RHSA-2026:2721", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "kernel-0:6.12.0-124.38.1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1727", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "kernel-0:6.12.0-55.58.1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-02-16T00:00:00Z", "advisory" : "RHSA-2026:2722", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.34.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-02-16T00:00:00Z", "advisory" : "RHSA-2026:2722", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.34.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1494", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.163.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1495", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.163.1.rt21.235.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1441", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "kernel-0:5.14.0-284.154.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1443", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.154.1.rt14.439.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1444", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.108.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-01-26T00:00:00Z", "advisory" : "RHSA-2026:1194", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "kernel-0:5.14.0-570.81.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53034\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53034\nhttps://lore.kernel.org/linux-cve-announce/2025041650-CVE-2023-53034-8c3b@gregkh/T" ], "name" : "CVE-2023-53034", "csaw" : false }