{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52996", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-03-27T16:40:15.742Z", "datePublished": "2025-03-27T16:43:30.547Z", "dateUpdated": "2025-05-04T07:47:10.247Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:47:10.247Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: prevent potential spectre v1 gadget in fib_metrics_match()\n\nif (!type)\n continue;\n if (type > RTAX_MAX)\n return false;\n ...\n fi_val = fi->fib_metrics->metrics[type - 1];\n\n@type being used as an array index, we need to prevent\ncpu speculation or risk leaking kernel memory content."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/fib_semantics.c"], "versions": [{"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "8f0eb24f1a7a60ce635f0d757a46f1a37a4d467d", "status": "affected", "versionType": "git"}, {"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "7f9828fb1f688210e681268490576f0ca65c322a", "status": "affected", "versionType": "git"}, {"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "ca3cf947760de050d558293002ad3e7f4b8745d2", "status": "affected", "versionType": "git"}, {"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "f9753ebd61be2d957b5504cbd3fd719674f05b7a", "status": "affected", "versionType": "git"}, {"version": "5f9ae3d9e7e4ad6db0491abc7c4ae5452dbeadd8", "lessThan": "5e9398a26a92fc402d82ce1f97cc67d832527da0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv4/fib_semantics.c"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.231", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.166", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.91", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.9", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.4.231"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.10.166"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.15.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.1.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8f0eb24f1a7a60ce635f0d757a46f1a37a4d467d"}, {"url": "https://git.kernel.org/stable/c/7f9828fb1f688210e681268490576f0ca65c322a"}, {"url": "https://git.kernel.org/stable/c/ca3cf947760de050d558293002ad3e7f4b8745d2"}, {"url": "https://git.kernel.org/stable/c/f9753ebd61be2d957b5504cbd3fd719674f05b7a"}, {"url": "https://git.kernel.org/stable/c/5e9398a26a92fc402d82ce1f97cc67d832527da0"}], "title": "ipv4: prevent potential spectre v1 gadget in fib_metrics_match()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: prevent potential spectre v1 gadget in fib_metrics_match()\n\nif (!type)\n continue;\n if (type > RTAX_MAX)\n return false;\n ...\n fi_val = fi->fib_metrics->metrics[type - 1];\n\n@type being used as an array index, we need to prevent\ncpu speculation or risk leaking kernel memory content."}], "id": "CVE-2023-52996", "lastModified": "2025-03-28T18:11:49.747", "metrics": {}, "published": "2025-03-27T17:15:48.310", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5e9398a26a92fc402d82ce1f97cc67d832527da0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7f9828fb1f688210e681268490576f0ca65c322a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8f0eb24f1a7a60ce635f0d757a46f1a37a4d467d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ca3cf947760de050d558293002ad3e7f4b8745d2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f9753ebd61be2d957b5504cbd3fd719674f05b7a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ipv4: prevent potential spectre v1 gadget in fib_metrics_match()", "id": "2355438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355438"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "status": "draft"}, "cwe": "CWE-200", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nipv4: prevent potential spectre v1 gadget in fib_metrics_match()\nif (!type)\ncontinue;\nif (type > RTAX_MAX)\nreturn false;\n...\nfi_val = fi->fib_metrics->metrics[type - 1];\n@type being used as an array index, we need to prevent\ncpu speculation or risk leaking kernel memory content.", "A flaw was found in the fib_metrics_match function in the net/ipv4/fib_semantics.c file in the Linux kernel, which contains source code that can lead to CPU speculation or risk leaking kernel memory content. Specifically, this vulnerability can allows an attacker to exploit a Spectre v1 gadget attack."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52996", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52996\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52996\nhttps://lore.kernel.org/linux-cve-announce/2025032710-CVE-2023-52996-7c1f@gregkh/T"], "statement": "Red Hat Product Security has rated this update with a security impact of Moderate. All Red Hat products are being evaluated for impact and Red Hat will work with the Linux community to analyze and correct any issues found. Successful exploitation of this flaw requires the attacker to have advanced knowledge of the software versions used on the system. For additional information about this flaw including possible mitigations please refer to: https://access.redhat.com/solutions/3545361", "threat_severity": "Moderate"}