PT-2023-8760 · Linux+10 · Linux Kernel+10
Published
2023-11-23
·
Updated
2025-09-29
·
CVE-2023-52464
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a possible out-of-bounds string access in the EDAC/thunderx driver. The problem arises from the incorrect usage of the
strncat() function, where the author expected it to behave like strlcat(), which uses the size of the destination buffer as its third argument. This results in no check on the size of the allocated buffer, potentially leading to memory access issues. The vulnerability is exploited through the thunderx ocx com threaded isr function in the drivers/edac/thunderx edac.c file.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu