CVE-2023-52461

drm/sched: Fix bounds limiting when given a malformed entity

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drm_sched_entity_init()--shouldn't
happen, but we verify--with out-of-bounds priority value, we set it to an
allowed value. Fix the expression which sets this limit.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/sched: corrige los límites que limitan cuando se proporciona una entidad con formato incorrecto. Si se nos proporciona una entidad con formato incorrecto en drm_sched_entity_init(), no debería suceder, pero lo verificamos, sin valor de prioridad de los límites, lo configuramos en un valor permitido. Fije la expresión que establece este límite.

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix bounds limiting when given a malformed entity If we're given a malformed entity in drm_sched_entity_init()--shouldn't happen, but we verify--with out-of-bounds priority value, we set it to an allowed value. Fix the expression which sets this limit.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-02-23 CVE Published
2024-02-24 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (3)

URL	Tag	Source
https://git.kernel.org/stable/c/56e449603f0ac580700621a356d35d5716a62ce5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1470d173925d697b497656b93f7c5bddae2e64b2	2024-01-25
https://git.kernel.org/stable/c/2bbe6ab2be53858507f11f99f856846d04765ae3	2023-11-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.7 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.8"		en		Affected