CVE-2023-52669: crypto: s390/aes - Fix buffer overread in CTR mode
In the Linux kernel, the following vulnerability has been resolved:
crypto: s390/aes - Fix buffer overread in CTR mode
The Linux kernel CVE team has assigned CVE-2023-52669 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051728-CVE-2023-52669-5a58@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
crypto: s390/aes - Fix buffer overread in CTR mode
When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the actual length left and copy it into a buffer first for processing.
— NVD
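The tail handling described in the NVD text, as an added example that is not the kernel's s390 code: a user-space C model in which `src_view`, `fetch`, `ks`, `ctr_tail_before`, `ctr_tail_after` and `run_tail` are hypothetical names, the keystream is a toy stand-in for AES, and reads past the end of the caller's data are counted instead of performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define AES_BLOCK_SIZE 16

/* Caller data with a known length; oob counts reads past the end
 * (the reads a tool such as KASAN would flag) instead of performing them. */
struct src_view { const uint8_t *p; size_t len; size_t oob; };

static uint8_t fetch(struct src_view *s, size_t i)
{
    if (i >= s->len) { s->oob++; return 0; }
    return s->p[i];
}

/* Toy keystream byte, constructed for this example; NOT AES. */
static uint8_t ks(const uint8_t *ctr, size_t i) { return (uint8_t)(ctr[i] * 31u + 7u); }

/* Before the fix: a whole block is read from the caller's data
 * even when only nbytes (< AES_BLOCK_SIZE) remain. */
void ctr_tail_before(uint8_t *dst, struct src_view *s, size_t nbytes, const uint8_t *ctr)
{
    uint8_t buf[AES_BLOCK_SIZE];
    for (size_t i = 0; i < AES_BLOCK_SIZE; i++)
        buf[i] = fetch(s, i) ^ ks(ctr, i);
    memcpy(dst, buf, nbytes);
}

/* After the fix: copy only the bytes that are left into a local block,
 * process that block, and copy nbytes of the result out. */
void ctr_tail_after(uint8_t *dst, struct src_view *s, size_t nbytes, const uint8_t *ctr)
{
    uint8_t buf[AES_BLOCK_SIZE] = {0};
    for (size_t i = 0; i < nbytes; i++)
        buf[i] = fetch(s, i);
    for (size_t i = 0; i < AES_BLOCK_SIZE; i++)
        buf[i] ^= ks(ctr, i);
    memcpy(dst, buf, nbytes);
}

/* Runs one variant on a constructed 5-byte tail; returns the number of
 * out-of-bounds source reads and writes the 5 result bytes to out. */
size_t run_tail(int fixed, uint8_t out[5])
{
    static const uint8_t data[5] = { 'h', 'e', 'l', 'l', 'o' };
    static const uint8_t ctr[AES_BLOCK_SIZE] = { 1, 2, 3, 4, 5 };
    struct src_view s = { data, sizeof(data), 0 };
    (fixed ? ctr_tail_after : ctr_tail_before)(out, &s, sizeof(data), ctr);
    return s.oob;
}
```

Both variants produce the same output bytes; only the pre-fix pattern touches memory beyond the remaining data.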
Linux Kernel is vulnerable to a denial of service, caused by a buffer overread in CTR mode. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2023-52669?
CVE-2023-52669 is classified as moderate severity because of the buffer overread in the s390 AES CTR code.
How do I fix CVE-2023-52669?
To fix CVE-2023-52669, update to a patched version of the Linux kernel, such as 5.10.210, 5.15.149, 6.1.76, or later.
Which Linux distributions are affected by CVE-2023-52669?
CVE-2023-52669 affects various distributions that utilize vulnerable versions of the Linux kernel, including Red Hat and Debian.
Does CVE-2023-52669 allow remote code execution?
CVE-2023-52669 does not allow remote code execution; it primarily affects local processes.
What type of vulnerability is CVE-2023-52669?
CVE-2023-52669 is a buffer overread vulnerability that can lead to information leaks within the Linux kernel.