CVE-2023-53465
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
soundwire: qcom: fix storing port config out-of-bounds
The 'qcom_swrm_ctrl->pconfig' has size of QCOM_SDW_MAX_PORTS (14), however we index it starting from 1, not 0, to match real port numbers. This can lead to writing port config past 'pconfig' bounds and overwriting next member of 'qcom_swrm_ctrl' struct. Reported also by smatch:
drivers/soundwire/qcom.c:1269 qcom_swrm_get_port_config() error: buffer overflow 'ctrl->pconfig' 14 <= 14
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9916c02ccd74e672b62dd1a9017ac2f237ebf512 < 20f7c4d51c94abb1a1a7c21900db4fb5afe5c8ff | affected |
| Linux | Linux | 9916c02ccd74e672b62dd1a9017ac2f237ebf512 < 801daff0078087b5df9145c9f5e643c28129734b | affected |
| Linux | Linux | 9916c02ccd74e672b62dd1a9017ac2f237ebf512 < 32eb67d7360d48c15883e0d21b29c0aab9da022e | affected |
| Linux | Linux | 9916c02ccd74e672b62dd1a9017ac2f237ebf512 < 490937d479abe5f6584e69b96df066bc87be92e9 | affected |
| Linux | Linux | 5.13 | affected |
| Linux | Linux | 0 < 5.13 | unaffected |
| Linux | Linux | 5.15.121 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.40 <= 6.1.* | unaffected |
| Linux | Linux | 6.4.5 <= 6.4.* | unaffected |
| Linux | Linux | 6.5 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/20f7c4d51c94abb1a1a7c21900db4fb5afe5c8ff
- https://git.kernel.org/stable/c/801daff0078087b5df9145c9f5e643c28129734b
- https://git.kernel.org/stable/c/32eb67d7360d48c15883e0d21b29c0aab9da022e
- https://git.kernel.org/stable/c/490937d479abe5f6584e69b96df066bc87be92e9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.