CVE-2023-53272

{"id": "CVE-2023-53272", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2025-09-16T08:15:36.013", "references": [{"url": "https://git.kernel.org/stable/c/0939c264729d4a081ff88efce2ffdf85dc5331e0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1e760b2d18bf129b3da052c2946c02758e97d15e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1e9cb763e9bacf0c932aa948f50dcfca6f519a26", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3e36cc94d6e60a27f27498adf1c71eeba769ab33", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/90947ebf8794e3c229fb2e16e37f1bfea6877f14", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: fix shift-out-of-bounds in exponential backoff\n\nThe ENA adapters on our instances occasionally reset. Once recently\nlogged a UBSAN failure to console in the process:\n\n UBSAN: shift-out-of-bounds in build/linux/drivers/net/ethernet/amazon/ena/ena_com.c:540:13\n shift exponent 32 is too large for 32-bit type 'unsigned int'\n CPU: 28 PID: 70012 Comm: kworker/u72:2 Kdump: loaded not tainted 5.15.117\n Hardware name: Amazon EC2 c5d.9xlarge/, BIOS 1.0 10/16/2017\n Workqueue: ena ena_fw_reset_device [ena]\n Call Trace:\n <TASK>\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e\n ? __const_udelay+0x43/0x50\n ena_delay_exponential_backoff_us.cold+0x16/0x1e [ena]\n wait_for_reset_state+0x54/0xa0 [ena]\n ena_com_dev_reset+0xc8/0x110 [ena]\n ena_down+0x3fe/0x480 [ena]\n ena_destroy_device+0xeb/0xf0 [ena]\n ena_fw_reset_device+0x30/0x50 [ena]\n process_one_work+0x22b/0x3d0\n worker_thread+0x4d/0x3f0\n ? process_one_work+0x3d0/0x3d0\n kthread+0x12a/0x150\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x22/0x30\n </TASK>\n\nApparently, the reset delays are getting so large they can trigger a\nUBSAN panic.\n\nLooking at the code, the current timeout is capped at 5000us. Using a\nbase value of 100us, the current code will overflow after (1<<29). Even\nat values before 32, this function wraps around, perhaps\nunintentionally.\n\nCap the value of the exponent used for this backoff at (1<<16) which is\nlarger than currently necessary, but large enough to support bigger\nvalues in the future."}], "lastModified": "2025-12-03T16:54:36.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "518293EE-3001-4839-84EA-D5DA06842695", "versionEndExcluding": "5.10.188", "versionStartIncluding": "5.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC77775B-EC31-4966-966C-1286C02B2A85", "versionEndExcluding": "5.15.121", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69315BCC-36D2-45CD-84F8-381EDF8E38F3", "versionEndExcluding": "6.1.40", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "923F6AEA-C2EF-4B08-B038-69A18F3D41F8", "versionEndExcluding": "6.4.5", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}