CVE-2023-52606 (GCVE-0-2023-52606)

Vulnerability from cvelistv5 – Published: 2024-03-06 06:45 – Updated: 2026-05-11 19:30
VLAI
Title
powerpc/lib: Validate size for vector operations
Summary
In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption.
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 42084a428a139f1a429f597d44621e3a18f3e414 (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 0580f4403ad33f379eef865c2a6fe94de37febdf (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < beee482cc4c9a6b1dcffb2e190b4fd8782258678 (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < de4f5ed63b8a199704d8cdcbf810309d7eb4b36b (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < abd26515d4b767ba48241eea77b28ce0872aef3e (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 28b8ba8eebf26f66d9f2df4ba550b6b3b136082c (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 848e1d7fd710900397e1d0e7584680c1c04e3afd (git)
Affected: c22435a5f3d8f85ea162ae523a6ba60a58521ba5 , < 8f9abaa6d7de0a70fc68acaedce290c1f96e2e59 (git)
Create a notification for this product.
Linux Linux Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 4.19.307 , ≤ 4.19.* (semver)
Unaffected: 5.4.269 , ≤ 5.4.* (semver)
Unaffected: 5.10.210 , ≤ 5.10.* (semver)
Unaffected: 5.15.149 , ≤ 5.15.* (semver)
Unaffected: 6.1.77 , ≤ 6.1.* (semver)
Unaffected: 6.6.16 , ≤ 6.6.* (semver)
Unaffected: 6.7.4 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52606",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-06T15:40:47.591136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:22:50.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/lib/sstep.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "42084a428a139f1a429f597d44621e3a18f3e414",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "0580f4403ad33f379eef865c2a6fe94de37febdf",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "beee482cc4c9a6b1dcffb2e190b4fd8782258678",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "de4f5ed63b8a199704d8cdcbf810309d7eb4b36b",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "abd26515d4b767ba48241eea77b28ce0872aef3e",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "28b8ba8eebf26f66d9f2df4ba550b6b3b136082c",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "848e1d7fd710900397e1d0e7584680c1c04e3afd",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            },
            {
              "lessThan": "8f9abaa6d7de0a70fc68acaedce290c1f96e2e59",
              "status": "affected",
              "version": "c22435a5f3d8f85ea162ae523a6ba60a58521ba5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/lib/sstep.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/lib: Validate size for vector operations\n\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\ninstructions being emulated. The size of those operations however is\ndetermined separately in analyse_instr().\n\nAdd a check to validate the assumption on the maximum size of the\noperations, so as to prevent any unintended kernel stack corruption."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:30:13.797Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414"
        },
        {
          "url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678"
        },
        {
          "url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b"
        },
        {
          "url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c"
        },
        {
          "url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59"
        }
      ],
      "title": "powerpc/lib: Validate size for vector operations",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52606",
    "datePublished": "2024-03-06T06:45:31.257Z",
    "dateReserved": "2024-03-02T21:55:42.573Z",
    "dateUpdated": "2026-05-11T19:30:13.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-52606",
      "date": "2026-05-27",
      "epss": "0.00015",
      "percentile": "0.03551"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\npowerpc/lib: Validate size for vector operations\\n\\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\\ninstructions being emulated. The size of those operations however is\\ndetermined separately in analyse_instr().\\n\\nAdd a check to validate the assumption on the maximum size of the\\noperations, so as to prevent any unintended kernel stack corruption.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/lib: validar tama\\u00f1o para operaciones vectoriales Parte del c\\u00f3digo fp/vmx en sstep.c asume un cierto tama\\u00f1o m\\u00e1ximo para las instrucciones que se emula. Sin embargo, el tama\\u00f1o de esas operaciones se determina por separado en analyse_instr(). Agregue una verificaci\\u00f3n para validar la suposici\\u00f3n sobre el tama\\u00f1o m\\u00e1ximo de las operaciones, a fin de evitar da\\u00f1os no deseados en la pila del kernel.\"}]",
      "id": "CVE-2023-52606",
      "lastModified": "2024-11-21T08:40:10.473",
      "published": "2024-03-06T07:15:11.750",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52606\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-06T07:15:11.750\",\"lastModified\":\"2025-02-14T16:40:45.753\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\npowerpc/lib: Validate size for vector operations\\n\\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\\ninstructions being emulated. The size of those operations however is\\ndetermined separately in analyse_instr().\\n\\nAdd a check to validate the assumption on the maximum size of the\\noperations, so as to prevent any unintended kernel stack corruption.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/lib: validar tama\u00f1o para operaciones vectoriales Parte del c\u00f3digo fp/vmx en sstep.c asume un cierto tama\u00f1o m\u00e1ximo para las instrucciones que se emula. Sin embargo, el tama\u00f1o de esas operaciones se determina por separado en analyse_instr(). Agregue una verificaci\u00f3n para validar la suposici\u00f3n sobre el tama\u00f1o m\u00e1ximo de las operaciones, a fin de evitar da\u00f1os no deseados en la pila del kernel.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.19.307\",\"matchCriteriaId\":\"4B4E1A83-9957-4265-94C0-516374C8CCFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.269\",\"matchCriteriaId\":\"319545F3-D56C-4751-BEBF-0505478BBAE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.210\",\"matchCriteriaId\":\"F5CB4CA6-A9A0-4AFD-9102-8CF94D708170\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.149\",\"matchCriteriaId\":\"0D0465BB-4053-4E15-9137-6696EBAE90FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.77\",\"matchCriteriaId\":\"0FA28946-970D-4F4D-B759-4E77B28809B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.16\",\"matchCriteriaId\":\"A5007D6A-4B58-423A-8A3A-A1A656A263C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.7.4\",\"matchCriteriaId\":\"848BC44C-9D25-4557-A50A-4B8BF310FA78\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T23:03:21.178Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-52606\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-06T15:40:47.591136Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:11.830Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"powerpc/lib: Validate size for vector operations\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"c22435a5f3d8f85ea162ae523a6ba60a58521ba5\", \"lessThan\": \"42084a428a139f1a429f597d44621e3a18f3e414\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c22435a5f3d8f85ea162ae523a6ba60a58521ba5\", \"lessThan\": \"0580f4403ad33f379eef865c2a6fe94de37febdf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c22435a5f3d8f85ea162ae523a6ba60a58521ba5\", \"lessThan\": \"beee482cc4c9a6b1dcffb2e190b4fd8782258678\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c22435a5f3d8f85ea162ae523a6ba60a58521ba5\", \"lessThan\": \"de4f5ed63b8a199704d8cdcbf810309d7eb4b36b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c22435a5f3d8f85ea162ae523a6ba60a58521ba5\", \"lessThan\": \"abd26515d4b767ba48241eea77b28ce0872aef3e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c22435a5f3d8f85ea162ae523a6ba60a58521ba5\", \"lessThan\": \"28b8ba8eebf26f66d9f2df4ba550b6b3b136082c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c22435a5f3d8f85ea162ae523a6ba60a58521ba5\", \"lessThan\": \"848e1d7fd710900397e1d0e7584680c1c04e3afd\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c22435a5f3d8f85ea162ae523a6ba60a58521ba5\", \"lessThan\": \"8f9abaa6d7de0a70fc68acaedce290c1f96e2e59\", \"versionType\": \"git\"}], \"programFiles\": [\"arch/powerpc/lib/sstep.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.14\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.14\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.307\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.269\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.210\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.149\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.77\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.16\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.7.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"arch/powerpc/lib/sstep.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414\"}, {\"url\": \"https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf\"}, {\"url\": \"https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678\"}, {\"url\": \"https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b\"}, {\"url\": \"https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e\"}, {\"url\": \"https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c\"}, {\"url\": \"https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd\"}, {\"url\": \"https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\npowerpc/lib: Validate size for vector operations\\n\\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\\ninstructions being emulated. The size of those operations however is\\ndetermined separately in analyse_instr().\\n\\nAdd a check to validate the assumption on the maximum size of the\\noperations, so as to prevent any unintended kernel stack corruption.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.307\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.269\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.210\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.149\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.77\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.16\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.7.4\", \"versionStartIncluding\": \"4.14\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8\", \"versionStartIncluding\": \"4.14\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T19:30:13.797Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-52606\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T19:30:13.797Z\", \"dateReserved\": \"2024-03-02T21:55:42.573Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-03-06T06:45:31.257Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.