CVE-2023-52462

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52462
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52462.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52462
Downstream
Related
Published
2024-02-23T15:15:08Z
Modified
2025-08-09T20:01:27Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix check for attempt to corrupt spilled pointer

When register is spilled onto a stack as a 1/2/4-byte register, we set slottype[BPFREGSIZE - 1] (plus potentially few more below it, depending on actual spill size). So to check if some stack slot has spilled register we need to consult slottype[7], not slot_type[0].

To avoid the need to remember and double-check this in the future, just use isspilledreg() helper.

References

Affected packages