SB20251001136 - Buffer overflow in Linux kernel pensando ionic driver
Published: October 1, 2025 Updated: October 27, 2025
Security Bulletin ID
SB20251001136
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2023-53470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ionic_devlink_alloc() function in drivers/net/ethernet/pensando/ionic/ionic_devlink.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0020c16c8af7f4bc9503a2088fb30793b6771fac
- https://git.kernel.org/stable/c/0d02efe7f25158c93146e3bb827bc7bb3cd5e71a
- https://git.kernel.org/stable/c/4a54903ff68ddb33b6463c94b4eb37fc584ef760
- https://git.kernel.org/stable/c/5325f50de5b1433b27dda7ccff5cb7283722a3f1
- https://git.kernel.org/stable/c/c177dd465f5c1e5f242cdb9258826c591c257e9a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.112