CVE-2023-52754

2024-05-2116:15:14

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

media

imon

vulnerability

usb

memory corruption

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

media: imon: fix access to invalid resource for the second interface

imon driver probes two USB interfaces, and at the probe of the second
interface, the driver assumes blindly that the first interface got
bound with the same imon driver. It’s usually true, but it’s still
possible that the first interface is bound with another driver via a
malformed descriptor. Then it may lead to a memory corruption, as
spotted by syzkaller; imon driver accesses the data from drvdata as
struct imon_context object although it’s a completely different one
that was assigned by another driver.

This patch adds a sanity check – whether the first interface is
really bound with the imon driver or not – for avoiding the problem
above at the probe time.

Affected configurations

Vulners

Node

linuxlinux_kernelRange5.10.0–5.10.202

linuxlinux_kernelRange5.11.0–5.15.140

linuxlinux_kernelRange5.16.0–6.1.64

linuxlinux_kernelRange6.2.0–6.5.13

linuxlinux_kernelRange6.6.0–6.6.3

linuxlinux_kernelRange6.7.0≥

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/media/rc/imon.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "0f5068519f89",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "5e0b788fb96b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "b083aaf5db2e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "10ec5a97f8f5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "2a493a34bd6e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "a1766a4fd83b",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/media/rc/imon.c"
    ],
    "versions": [
      {
        "version": "5.10.202",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.140",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.64",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.5.13",
        "lessThanOrEqual": "6.5.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.3",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]