← Back

CVE-2023-52494

nvd nist
Published: Mar 11, 2024Modified: Feb 14, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "is_valid_ring_ptr" to make sure it is in the buffer range, but there is another risk the pointer may be not aligned. Since we are expecting event ring elements are 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer could lead to multiple issues like DoS or ring buffer memory corruption. So add a alignment check for event ring read pointer.

Affected (4)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 5.13 to 5.15.149
Linux Kernel
From 5.16 to 6.1.76
Linux Kernel
From 6.2 to 6.6.15
Linux Kernel
From 6.7 to 6.7.3

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (10)

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mailing ListPatch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mailing ListPatch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mailing ListPatch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mailing ListPatch
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch

Timeline

No history available yet.