CVE-2023-52614

PM / devfreq: Fix buffer overflow in trans_stat_show

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of
PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from
loop. Also add at the end a warning that we exceeded PAGE_SIZE and that
stats is disabled. Return -EFBIG in the case where we don't have enough space to write the
full transition table. Also document in the ABI that this function can return -EFBIG error.

En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: PM / devfreq: Arreglar desbordamiento de búfer en trans_stat_show Arreglar desbordamiento de búfer en trans_stat_show(). Convierta snprintf simple en scnprintf más seguro con un tamaño de PAGE_SIZE. Agregue verificación de condiciones si excedemos PAGE_SIZE y salga temprano del ciclo. También agregue al final una advertencia de que excedimos PAGE_SIZE y que las estadísticas están deshabilitadas. Devuelve -EFBIG en el caso de que no tengamos suficiente espacio para escribir la tabla de transición completa. También documente en la ABI que esta función puede devolver el error -EFBIG.

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error.

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Multiple

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-06 CVE Reserved
2024-03-18 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-121: Stack-based Buffer Overflow

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/e552bbaf5b987f57c43e6981a452b8a3c700b1ae	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/087de000e4f8c878c81d9dd3725f00a1d292980c	2024-05-02
https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f	2024-02-23
https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c	2024-02-01
https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8	2024-02-01
https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87	2024-02-01
https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4	2023-11-13

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52614	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2270071	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.10.216"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.1.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.6.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.8 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.8"		en		Affected