CVE-2023-52614
PM / devfreq: Fix buffer overflow in trans_stat_show
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Fix buffer overflow in trans_stat_show
Fix buffer overflow in trans_stat_show().
Convert simple snprintf to the more secure scnprintf with size of
PAGE_SIZE.
Add condition checking if we are exceeding PAGE_SIZE and exit early from
loop. Also add at the end a warning that we exceeded PAGE_SIZE and that
stats is disabled.
Return -EFBIG in the case where we don't have enough space to write the
full transition table.
Also document in the ABI that this function can return -EFBIG error.
En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: PM / devfreq: Arreglar desbordamiento de búfer en trans_stat_show Arreglar desbordamiento de búfer en trans_stat_show(). Convierta snprintf simple en scnprintf más seguro con un tamaño de PAGE_SIZE. Agregue verificación de condiciones si excedemos PAGE_SIZE y salga temprano del ciclo. También agregue al final una advertencia de que excedimos PAGE_SIZE y que las estadísticas están deshabilitadas. Devuelve -EFBIG en el caso de que no tengamos suficiente espacio para escribir la tabla de transición completa. También documente en la ABI que esta función puede devolver el error -EFBIG.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-06 CVE Reserved
- 2024-03-18 CVE Published
- 2024-12-17 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/e552bbaf5b987f57c43e6981a452b8a3c700b1ae | Vuln. Introduced | |
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-52614 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2270071 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.10.216" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 5.15.149" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.1.76" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.6.15" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.7.3" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.8" | en |
Affected
|