CVE-2023-52606: powerpc/lib: Validate size for vector operations

Published Mar 6, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

powerpc/lib: Validate size for vector operations

Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyseinstr().

Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

powerpc/lib: Validate size for vector operations

The Linux kernel CVE team has assigned CVE-2023-52606 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024030647-CVE-2023-52606-fdcc@gregkh/T

Red Hat

Affected Software

20 affected componentsFixes available
Linux Linux kernel<4.19.307
Linux Linux kernel>=4.20<5.4.269
Linux Linux kernel>=5.5<5.10.210
Linux Linux kernel>=5.11<5.15.149
Linux Linux kernel>=5.16<6.1.77
Linux Linux kernel>=6.2<6.6.16
Linux Linux kernel>=6.7<6.7.4
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
redhat/kernel<4.19.307
4.19.307
redhat/kernel<5.4.269
5.4.269
redhat/kernel<5.10.210
5.10.210
redhat/kernel<5.15.149
5.15.149
redhat/kernel<6.1.77
6.1.77
redhat/kernel<6.6.16
6.6.16
redhat/kernel<6.7.4
6.7.4
redhat/kernel<6.8
6.8

Remediation

Patch Available

https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf

Patch Available

https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c

Patch Available

https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414

Patch Available

https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd

Patch Available

https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59

Patch Available

https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e

Patch Available

https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678

Patch Available

https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b

Patch Available

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Event History

Mar 6, 2024
CVE Published
via MITRE·06:45 AM
Data Sourced
via MITRE·06:45 AM
Description
Data Sourced
via Red Hat·10:05 PM
DescriptionSeverityAffected Software
Mar 27, 2024
Data Sourced
via Launchpad·09:55 PM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·11:16 PM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-52606?

CVE-2023-52606 is rated as a high severity vulnerability affecting the Linux kernel's vector operations.

2

How do I fix CVE-2023-52606?

To fix CVE-2023-52606, update your Linux kernel to one of the remedied versions such as 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16, 6.7.4, or 6.8.

3

Which Linux kernel versions are affected by CVE-2023-52606?

CVE-2023-52606 affects various 4.x, 5.x, and 6.x versions of the Linux kernel prior to the patches including 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16, and later versions.

4

What types of systems are vulnerable to CVE-2023-52606?

Systems running vulnerable versions of the Linux kernel, particularly those utilizing powerpc architecture, are at risk from CVE-2023-52606.

5

Is there a public fix available for CVE-2023-52606?

Yes, public fixes are available in the form of updated kernel versions that address the vulnerabilities outlined in CVE-2023-52606.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203