CVE-2023-52614
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Fix buffer overflow in trans_stat_show
Fix buffer overflow in trans_stat_show().
Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE.
Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled.
Return -EFBIG in the case where we don't have enough space to write the full transition table.
Also document in the ABI that this function can return -EFBIG error.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | e552bbaf5b987f57c43e6981a452b8a3c700b1ae < 087de000e4f8c878c81d9dd3725f00a1d292980c | affected |
| Linux | Linux | e552bbaf5b987f57c43e6981a452b8a3c700b1ae < 796d3fad8c35ee9df9027899fb90ceaeb41b958f | affected |
| Linux | Linux | e552bbaf5b987f57c43e6981a452b8a3c700b1ae < 8a7729cda2dd276d7a3994638038fb89035b6f2c | affected |
| Linux | Linux | e552bbaf5b987f57c43e6981a452b8a3c700b1ae < a979f56aa4b93579cf0e4265ae04d7e9300fd3e8 | affected |
| Linux | Linux | e552bbaf5b987f57c43e6981a452b8a3c700b1ae < eaef4650fa2050147ca25fd7ee43bc0082e03c87 | affected |
| Linux | Linux | e552bbaf5b987f57c43e6981a452b8a3c700b1ae < 08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 | affected |
| Linux | Linux | 3.8 | affected |
| Linux | Linux | 0 < 3.8 | unaffected |
| Linux | Linux | 5.10.216 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.149 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.76 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.15 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.3 <= 6.7.* | unaffected |
| Linux | Linux | 6.8 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/087de000e4f8c878c81d9dd3725f00a1d292980c
- https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f
- https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c
- https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8
- https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87
- https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Additional References
References
- https://git.kernel.org/stable/c/087de000e4f8c878c81d9dd3725f00a1d292980c
- https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f
- https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c
- https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8
- https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87
- https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.