CVE-2023-53059
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
It is possible to peep kernel page's data by providing larger insize
in struct cros_ec_command1 when invoking EC host commands.
Fix it by using zeroed memory.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | eda2e30c6684d67288edb841c6125d48c608a242 < 13493ad6a220cb3f6f3552a16b4f2753a118b633 | affected |
| Linux | Linux | eda2e30c6684d67288edb841c6125d48c608a242 < f86ff88a1548ccf5a13960c0e7625ca787ea0993 | affected |
| Linux | Linux | eda2e30c6684d67288edb841c6125d48c608a242 < ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4 | affected |
| Linux | Linux | eda2e30c6684d67288edb841c6125d48c608a242 < eab28bfafcd1245a3510df9aa9eb940589956ea6 | affected |
| Linux | Linux | eda2e30c6684d67288edb841c6125d48c608a242 < a0d8644784f73fa39f57f72f374eefaba2bf48a0 | affected |
| Linux | Linux | eda2e30c6684d67288edb841c6125d48c608a242 < b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3 | affected |
| Linux | Linux | 5.4 | affected |
| Linux | Linux | 0 < 5.4 | unaffected |
| Linux | Linux | 5.4.240 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.177 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.105 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.22 <= 6.1.* | unaffected |
| Linux | Linux | 6.2.9 <= 6.2.* | unaffected |
| Linux | Linux | 6.3 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/13493ad6a220cb3f6f3552a16b4f2753a118b633
- https://git.kernel.org/stable/c/f86ff88a1548ccf5a13960c0e7625ca787ea0993
- https://git.kernel.org/stable/c/ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4
- https://git.kernel.org/stable/c/eab28bfafcd1245a3510df9aa9eb940589956ea6
- https://git.kernel.org/stable/c/a0d8644784f73fa39f57f72f374eefaba2bf48a0
- https://git.kernel.org/stable/c/b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.