In the Linux kernel, the following vulnerability has been resolved: iio:
adc: ad7091r: Allow users to configure device events AD7091R-5 devices are
supported by the ad7091r-5 driver together with the ad7091r-base driver.
Those drivers declared iio events for notifying user space when ADC
readings fall bellow the thresholds of low limit registers or above the
values set in high limit registers. However, to configure iio events and
their thresholds, a set of callback functions must be implemented and those
were not present until now. The consequence of trying to configure
ad7091r-5 events without the proper callback functions was a null pointer
dereference in the kernel because the pointers to the callback functions
were not set. Implement event configuration callbacks allowing users to
read/write event thresholds and enable/disable event generation. Since the
event spec structs are generic to AD7091R devices, also move those from the
ad7091r-5 driver the base driver so they can be reused when support for
ad7091r-2/-4/-8 be added.
Author | Note |
---|---|
rodrigo-zaiden | USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-106.116 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-41.41 | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1061.67 | UNKNOWN |
git.kernel.org/linus/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f (6.8-rc1)
git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f
git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4
git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5
git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091
git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6
git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2
launchpad.net/bugs/cve/CVE-2023-52627
nvd.nist.gov/vuln/detail/CVE-2023-52627
security-tracker.debian.org/tracker/CVE-2023-52627
ubuntu.com/security/notices/USN-6766-1
ubuntu.com/security/notices/USN-6766-2
ubuntu.com/security/notices/USN-6766-3
ubuntu.com/security/notices/USN-6795-1
ubuntu.com/security/notices/USN-6818-1
ubuntu.com/security/notices/USN-6818-2
ubuntu.com/security/notices/USN-6818-3
ubuntu.com/security/notices/USN-6818-4
ubuntu.com/security/notices/USN-6819-1
ubuntu.com/security/notices/USN-6819-2
ubuntu.com/security/notices/USN-6819-3
ubuntu.com/security/notices/USN-6819-4
ubuntu.com/security/notices/USN-6828-1
www.cve.org/CVERecord?id=CVE-2023-52627