CVE-2023-52565

media: uvcvideo: Fix OOB read

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Fix OOB read

If the index provided by the user is bigger than the mask size, we might do
an out of bound read.

*Credits: N/A

CVSS Scores

Red Hatv3.1 3.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-02 CVE Reserved
2024-03-02 CVE Published
2024-03-03 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/367703c3ec4f72208b8cae14310b8a2c955ec565	Vuln. Introduced
https://git.kernel.org/stable/c/40140eda661ea4be219ef194a4f43b7b5e3bbd27	Vuln. Introduced
https://git.kernel.org/stable/c/42cbbc6b2c39b02e07cbd24dc2155d4edb99dd04	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558	2023-10-06
https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023	2023-10-06
https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb	2023-09-14

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52565	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2267724	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.16 < 6.1.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.16 < 6.1.56"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.5.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.5.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.2.3 Search vendor "Linux" for product "Linux Kernel" and version "6.2.3"		en		Affected