Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2023-52494

HistoryMar 11, 2024 - 6:15 p.m.

CVE-2023-52494

2024-03-1118:15:17

Debian Security Bug Tracker

security-tracker.debian.org

linux

kernel

vulnerability

cve-2023-52494

resolved

alignment check

event ring

dos

memory corruption

AI Score

6.9

Confidence

Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by “is_valid_ring_ptr” to make sure it is in the buffer range, but there is another risk the pointer may be not aligned. Since we are expecting event ring elements are 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer could lead to multiple issues like DoS or ring buffer memory corruption. So add a alignment check for event ring read pointer.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 6.1.76-1linux_6.1.76-1_all.deb
Debian11alllinux<= 5.10.223-1linux_5.10.223-1_all.deb
Debian999alllinux< 6.6.15-1linux_6.6.15-1_all.deb
Debian13alllinux< 6.6.15-1linux_6.6.15-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 6.1.76-1	linux_6.1.76-1_all.deb
Debian	11	all	linux	<= 5.10.223-1	linux_5.10.223-1_all.deb
Debian	999	all	linux	< 6.6.15-1	linux_6.6.15-1_all.deb
Debian	13	all	linux	< 6.6.15-1	linux_6.6.15-1_all.deb