SB2025050471 - Improper error handling in Linux kernel esw acl driver
Published: May 4, 2025
Updated: May 10, 2025
Security Bulletin ID: SB2025050471
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper error handling (CVE-ID: CVE-2023-53058)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mlx5_esw_acl_ingress_vport_bond_update() function in drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1a9853a7437a22fd849347008fb3c85087906b56
- https://git.kernel.org/stable/c/388188fb58bef9e7f3ca4f8970f03d493b66909f
- https://git.kernel.org/stable/c/5eadc80328298ef7beaaf0cd96791667d3b485ca
- https://git.kernel.org/stable/c/640fcdbcf27fc62de9223f958ceb4e897a00e791
- https://git.kernel.org/stable/c/c4c977935b2fc60084b3735737d17a06e7ba1bd0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.22