CVE-2023-52565

media: uvcvideo: Fix OOB read

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do
an out of bound read.

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-02 CVE Reserved
2024-03-02 CVE Published
2024-12-17 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/367703c3ec4f72208b8cae14310b8a2c955ec565	Vuln. Introduced
https://git.kernel.org/stable/c/40140eda661ea4be219ef194a4f43b7b5e3bbd27	Vuln. Introduced
https://git.kernel.org/stable/c/42cbbc6b2c39b02e07cbd24dc2155d4edb99dd04	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558	2023-10-06
https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023	2023-10-06
https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb	2023-09-14

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52565	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2267724	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.16 < 6.1.56 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.16 < 6.1.56"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.5.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.5.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.2.3 Search vendor "Linux" for product "Linux Kernel" and version "6.2.3"		en		Affected