CVE-2023-52494

bus: mhi: host: Add alignment check for event ring read pointer

Severity Score

5.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "is_valid_ring_ptr"
to make sure it is in the buffer range, but there is another risk the
pointer may be not aligned. Since we are expecting event ring elements
are 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer
could lead to multiple issues like DoS or ring buffer memory corruption. So add a alignment check for event ring read pointer.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: host: agregar verificación de alineación para el puntero de lectura del anillo de eventos. Aunque verificamos el puntero de lectura del anillo de eventos mediante "is_valid_ring_ptr" para asegurarnos de que esté en el rango del búfer, pero existe otro riesgo de que el puntero no esté alineado. Dado que esperamos que los elementos del anillo de eventos estén alineados con 128 bits (struct mhi_ring_element), un puntero de lectura no alineado podría provocar múltiples problemas como DoS o corrupción de la memoria del búfer del anillo. Por lo tanto, agregue una verificación de alineación para el puntero de lectura del anillo de eventos.

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "is_valid_ring_ptr" to make sure it is in the buffer range, but there is another risk the pointer may be not aligned. Since we are expecting event ring elements are 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer could lead to multiple issues like DoS or ring buffer memory corruption. So add a alignment check for event ring read pointer.

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-02-29 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/ec32332df7645e0ba463a08d483fe97665167071	Vuln. Introduced
https://git.kernel.org/stable/c/a1d2bd164c1c78f87968b7883964175ec41c32ae	Vuln. Introduced
https://git.kernel.org/stable/c/fd5f40fc887485a8b9a6806a640a0d8e0ef1afb6	Vuln. Introduced
https://git.kernel.org/stable/c/76879a980cd5ede4cb9a638999fb80d37bc09db5	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/94991728c84f8df54fd9eec9b85855ef9057ea08	2024-02-23
https://git.kernel.org/stable/c/2df39ac8f813860f79782807c3f7acff40b3c551	2024-02-01
https://git.kernel.org/stable/c/a9ebfc405fe1be145f414eafadcbf09506082010	2024-02-01
https://git.kernel.org/stable/c/ecf8320111822a1ae5d5fc512953eab46d543d0b	2024-02-01
https://git.kernel.org/stable/c/eff9704f5332a13b08fbdbe0f84059c9e7051d5f	2023-12-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.1.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.6.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.10.36 Search vendor "Linux" for product "Linux Kernel" and version "5.10.36"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.11.20 Search vendor "Linux" for product "Linux Kernel" and version "5.11.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.12.3 Search vendor "Linux" for product "Linux Kernel" and version "5.12.3"		en		Affected