CVE-2023-52794
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal: intel: powerclamp: fix mismatch in get function for max_idle
KASAN reported this
[ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90
[ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105
...
[ 444.853442] The buggy address belongs to the variable:
[ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp]
There is a mismatch between the param_get_int and the definition of max_idle. Replacing param_get_int with param_get_byte resolves this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | ebf519710218814cf827adbf9111af081344c969 < 6a3866dbdcf39ac93e98708e6abced511733dc18 | affected |
| Linux | Linux | ebf519710218814cf827adbf9111af081344c969 < 0a8585281b11e3a0723bba8d8085d61f0b55f37c | affected |
| Linux | Linux | ebf519710218814cf827adbf9111af081344c969 < fae633cfb729da2771b5433f6b84ae7e8b4aa5f7 | affected |
| Linux | Linux | 6.3 | affected |
| Linux | Linux | 0 < 6.3 | unaffected |
| Linux | Linux | 6.5.13 <= 6.5.* | unaffected |
| Linux | Linux | 6.6.3 <= 6.6.* | unaffected |
| Linux | Linux | 6.7 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/6a3866dbdcf39ac93e98708e6abced511733dc18
- https://git.kernel.org/stable/c/0a8585281b11e3a0723bba8d8085d61f0b55f37c
- https://git.kernel.org/stable/c/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/6a3866dbdcf39ac93e98708e6abced511733dc18
- https://git.kernel.org/stable/c/0a8585281b11e3a0723bba8d8085d61f0b55f37c
- https://git.kernel.org/stable/c/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.