CVE-2023-52658

MEDIUM
2024-05-17 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
Patch Released: Mar 17, 2026 - 20:45 (nvd), patch available
CVE Published: May 17, 2024 - 12:15 (nvd), MEDIUM 5.5

Description (NVD)

In the Linux kernel, the following vulnerability has been resolved:

Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"

This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion that it is not good for anything and causes a crash.

Analysis (AI)

A denial-of-service vulnerability exists in the Linux kernel's MLX5 network driver switchdev mode implementation, caused by a problematic commit (662404b24a4c4d839839ed25e3097571f5938b9b) that was reverted due to suspected instability and system crashes. Local attackers with low privileges can trigger this vulnerability to cause system unavailability or kernel crashes without user interaction. The vulnerability affects Linux kernel versions 6.3 through 6.8-rc1. Its EPSS score of 0.02% indicates low exploitation probability in the wild, and patches are available from the kernel maintainers.

Technical Context (AI)

The vulnerability is located in the Linux kernel's Mellanox MLX5 Ethernet driver subsystem, specifically in the switchdev (switch device) mode code path. Switchdev mode allows network devices to function as virtual switches within the kernel, and the problematic commit attempted to add namespace consistency validation before entering switchdev mode. The revert was necessary because the validation logic introduced a defect that causes kernel crashes rather than preventing problematic configurations. The root cause appears to be insufficient input validation or improper error handling in the switchdev mode transition logic, though no specific CWE is assigned. The affected CPE entries (cpe:2.3:o:linux:linux_kernel) confirm impact across multiple kernel versions from 6.3-rc4 through 6.8-rc1.

Remediation (AI)

Upgrade the Linux kernel to version 6.3 with the revert patch (commit 136ccb2041a5d1a475f845d3bc138550be6f5daa or later) or to any stable kernel version released after the fix (6.4.x, 6.5.x, 6.6.x, 6.7.x, or 6.8 final release). Most major Linux distributions (Red Hat, Ubuntu, Debian, SUSE) have backported these fixes to their supported kernel branches, so apply updates via your distribution's package management system. Until patching is feasible, avoid enabling switchdev mode on MLX5 devices unless absolutely necessary; if switchdev mode must be used, restrict access to the system through firewall rules and user account controls. Verify kernel version and apply available security updates from your distribution vendor's advisory channels. No workarounds are viable for production systems running switchdev mode, making timely patching the only reliable mitigation.
