cvelistv5 - cve-2023-52627

▼	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

wid-sec-w-2024-0722

Vulnerability from csaf_certbund

Published

2024-03-26 23:00

Modified

2024-07-22 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um Dateien zu manipulieren, unbekannte Effekte zu verursachen oder einen Denial-of-Service-Zustand auszulösen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um Dateien zu manipulieren, unbekannte Effekte zu verursachen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0722 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0722.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0722 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0722"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326151722.1258576-3-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326151722.1258576-4-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326171931.1354035-4-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326171931.1354035-5-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326171931.1354035-6-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-10-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-11-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-12-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-13-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-14-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-15-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-16-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-17-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-03-26",
        "url": "http://lore.kernel.org/linux-cve-announce/20240326175007.1388794-18-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271644"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271648"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271690"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271688"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271686"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271684"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271682"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271680"
      },
      {
        "category": "external",
        "summary": "RedHat Bugzilla vom 2024-03-26",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271678"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-03-26",
        "url": "https://github.com/advisories/GHSA-q6px-8pwj-ppvh"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-03-26",
        "url": "https://github.com/advisories/GHSA-wrwp-f8pq-q3qj"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-03-26",
        "url": "https://github.com/advisories/GHSA-fxcg-hv47-5q4m"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1320-1 vom 2024-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018372.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1321-1 vom 2024-04-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018375.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1322-1 vom 2024-04-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018374.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1332-2 vom 2024-04-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018378.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1332-1 vom 2024-04-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018376.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1322-2 vom 2024-04-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018377.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1466-1 vom 2024-04-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018438.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1480-1 vom 2024-04-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018444.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1490-1 vom 2024-05-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018445.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5681 vom 2024-05-06",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00090.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-1 vom 2024-05-07",
        "url": "https://ubuntu.com/security/notices/USN-6766-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6765-1 vom 2024-05-07",
        "url": "https://ubuntu.com/security/notices/USN-6765-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6767-1 vom 2024-05-07",
        "url": "https://ubuntu.com/security/notices/USN-6767-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6767-2 vom 2024-05-14",
        "url": "https://ubuntu.com/security/notices/USN-6767-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-2 vom 2024-05-15",
        "url": "https://ubuntu.com/security/notices/USN-6766-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-3 vom 2024-05-20",
        "url": "https://ubuntu.com/security/notices/USN-6766-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6795-1 vom 2024-05-28",
        "url": "https://ubuntu.com/security/notices/USN-6795-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6819-1 vom 2024-06-08",
        "url": "https://ubuntu.com/security/notices/USN-6819-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6818-1 vom 2024-06-08",
        "url": "https://ubuntu.com/security/notices/USN-6818-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6818-2 vom 2024-06-10",
        "url": "https://ubuntu.com/security/notices/USN-6818-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6828-1 vom 2024-06-11",
        "url": "https://ubuntu.com/security/notices/USN-6828-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6819-2 vom 2024-06-12",
        "url": "https://ubuntu.com/security/notices/USN-6819-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6819-3 vom 2024-06-12",
        "url": "https://ubuntu.com/security/notices/USN-6819-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6818-3 vom 2024-06-14",
        "url": "https://ubuntu.com/security/notices/USN-6818-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6818-4 vom 2024-06-19",
        "url": "https://ubuntu.com/security/notices/USN-6818-4"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3842 vom 2024-06-25",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6819-4 vom 2024-06-26",
        "url": "https://ubuntu.com/security/notices/USN-6819-4"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3840 vom 2024-06-27",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4211 vom 2024-07-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:4211"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-4211.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4349 vom 2024-07-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:4349"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-4349 vom 2024-07-09",
        "url": "https://linux.oracle.com/errata/ELSA-2024-4349.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2381-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018916.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
        "url": "https://access.redhat.com/errata/RHSA-2024:4321"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4352"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4349 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4349"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4211"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:4631"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-22T22:00:00.000+00:00",
      "generator": {
        "date": "2024-07-23T08:05:34.889+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0722",
      "initial_release_date": "2024-03-26T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-03-26T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-18T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-01T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-02T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-06T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-13T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-15T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-20T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-09T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-10T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-12T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-16T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-18T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-06-26T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-27T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-02T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-07T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-08T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-07-22T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "30"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.8",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.8",
                  "product_id": "T033368",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52621",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2023-52621"
    },
    {
      "cve": "CVE-2023-52622",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2023-52622"
    },
    {
      "cve": "CVE-2023-52623",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2023-52623"
    },
    {
      "cve": "CVE-2023-52624",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2023-52624"
    },
    {
      "cve": "CVE-2023-52625",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2023-52625"
    },
    {
      "cve": "CVE-2023-52626",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2023-52626"
    },
    {
      "cve": "CVE-2023-52627",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2023-52627"
    },
    {
      "cve": "CVE-2024-26644",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2024-26644"
    },
    {
      "cve": "CVE-2024-26645",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2024-26645"
    },
    {
      "cve": "CVE-2024-26646",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2024-26646"
    },
    {
      "cve": "CVE-2024-26647",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2024-26647"
    },
    {
      "cve": "CVE-2024-26648",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2024-26648"
    },
    {
      "cve": "CVE-2024-26649",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2024-26649"
    },
    {
      "cve": "CVE-2024-26650",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten wie \"btrfs\", \"tracing\", \"bpf\" oder \"ext4\". Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um unbekannte Effekte zu verursachen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand auszul\u00f6sen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2024-03-26T23:00:00Z",
      "title": "CVE-2024-26650"
    }
  ]
}

gsd-2023-52627

Vulnerability from gsd

Modified

2024-03-07 06:01

Details

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user space when ADC readings fall bellow the thresholds of low limit registers or above the values set in high limit registers. However, to configure iio events and their thresholds, a set of callback functions must be implemented and those were not present until now. The consequence of trying to configure ad7091r-5 events without the proper callback functions was a null pointer dereference in the kernel because the pointers to the callback functions were not set. Implement event configuration callbacks allowing users to read/write event thresholds and enable/disable event generation. Since the event spec structs are generic to AD7091R devices, also move those from the ad7091r-5 driver the base driver so they can be reused when support for ad7091r-2/-4/-8 be added.

Aliases

CVE-2023-52627

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-52627"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7091r: Allow users to configure device events\n\nAD7091R-5 devices are supported by the ad7091r-5 driver together with\nthe ad7091r-base driver. Those drivers declared iio events for notifying\nuser space when ADC readings fall bellow the thresholds of low limit\nregisters or above the values set in high limit registers.\nHowever, to configure iio events and their thresholds, a set of callback\nfunctions must be implemented and those were not present until now.\nThe consequence of trying to configure ad7091r-5 events without the\nproper callback functions was a null pointer dereference in the kernel\nbecause the pointers to the callback functions were not set.\n\nImplement event configuration callbacks allowing users to read/write\nevent thresholds and enable/disable event generation.\n\nSince the event spec structs are generic to AD7091R devices, also move\nthose from the ad7091r-5 driver the base driver so they can be reused\nwhen support for ad7091r-2/-4/-8 be added.",
      "id": "GSD-2023-52627",
      "modified": "2024-03-07T06:01:45.461248Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2023-52627",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "ca69300173b6",
                          "version_value": "1eba6f7ffa29"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "5.6"
                              },
                              {
                                "lessThan": "5.6",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.10.*",
                                "status": "unaffected",
                                "version": "5.10.210",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.15.*",
                                "status": "unaffected",
                                "version": "5.15.149",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "6.1.*",
                                "status": "unaffected",
                                "version": "6.1.76",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "6.6.*",
                                "status": "unaffected",
                                "version": "6.6.15",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "6.7.*",
                                "status": "unaffected",
                                "version": "6.7.3",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "6.8",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7091r: Allow users to configure device events\n\nAD7091R-5 devices are supported by the ad7091r-5 driver together with\nthe ad7091r-base driver. Those drivers declared iio events for notifying\nuser space when ADC readings fall bellow the thresholds of low limit\nregisters or above the values set in high limit registers.\nHowever, to configure iio events and their thresholds, a set of callback\nfunctions must be implemented and those were not present until now.\nThe consequence of trying to configure ad7091r-5 events without the\nproper callback functions was a null pointer dereference in the kernel\nbecause the pointers to the callback functions were not set.\n\nImplement event configuration callbacks allowing users to read/write\nevent thresholds and enable/disable event generation.\n\nSince the event spec structs are generic to AD7091R devices, also move\nthose from the ad7091r-5 driver the base driver so they can be reused\nwhen support for ad7091r-2/-4/-8 be added."
          }
        ]
      },
      "generator": {
        "engine": "bippy-b4257b672505"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5"
          },
          {
            "name": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091"
          },
          {
            "name": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4"
          },
          {
            "name": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2"
          },
          {
            "name": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6"
          },
          {
            "name": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7091r: Allow users to configure device events\n\nAD7091R-5 devices are supported by the ad7091r-5 driver together with\nthe ad7091r-base driver. Those drivers declared iio events for notifying\nuser space when ADC readings fall bellow the thresholds of low limit\nregisters or above the values set in high limit registers.\nHowever, to configure iio events and their thresholds, a set of callback\nfunctions must be implemented and those were not present until now.\nThe consequence of trying to configure ad7091r-5 events without the\nproper callback functions was a null pointer dereference in the kernel\nbecause the pointers to the callback functions were not set.\n\nImplement event configuration callbacks allowing users to read/write\nevent thresholds and enable/disable event generation.\n\nSince the event spec structs are generic to AD7091R devices, also move\nthose from the ad7091r-5 driver the base driver so they can be reused\nwhen support for ad7091r-2/-4/-8 be added."
          },
          {
            "lang": "es",
            "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iio: adc: ad7091r: permitir a los usuarios configurar eventos de dispositivo Los dispositivos AD7091R-5 son compatibles con el controlador ad7091r-5 junto con el controlador ad7091r-base. Esos controladores declararon eventos iio para notificar al espacio del usuario cuando las lecturas de ADC caen por debajo de los umbrales de los registros de l\u00edmite bajo o por encima de los valores establecidos en los registros de l\u00edmite alto. Sin embargo, para configurar los eventos de iio y sus umbrales, se debe implementar un conjunto de funciones de devoluci\u00f3n de llamada que no estaban presentes hasta ahora. La consecuencia de intentar configurar eventos ad7091r-5 sin las funciones de devoluci\u00f3n de llamada adecuadas fue una desreferencia del puntero nulo en el kernel porque los punteros a las funciones de devoluci\u00f3n de llamada no estaban configurados. Implemente devoluciones de llamadas de configuraci\u00f3n de eventos que permitan a los usuarios leer/escribir umbrales de eventos y habilitar/deshabilitar la generaci\u00f3n de eventos. Dado que las estructuras de especificaciones de eventos son gen\u00e9ricas para los dispositivos AD7091R, tambi\u00e9n mueva las del controlador ad7091r-5 al controlador base para que puedan reutilizarse cuando se agregue soporte para ad7091r-2/-4/-8."
          }
        ],
        "id": "CVE-2023-52627",
        "lastModified": "2024-03-27T12:29:41.530",
        "metrics": {},
        "published": "2024-03-26T18:15:09.140",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

ghsa-4v2g-fxcq-4j44

Vulnerability from github

Published

2024-03-26 18:32

Modified

2024-11-04 18:31

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ad7091r: Allow users to configure device events

AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user space when ADC readings fall bellow the thresholds of low limit registers or above the values set in high limit registers. However, to configure iio events and their thresholds, a set of callback functions must be implemented and those were not present until now. The consequence of trying to configure ad7091r-5 events without the proper callback functions was a null pointer dereference in the kernel because the pointers to the callback functions were not set.

Implement event configuration callbacks allowing users to read/write event thresholds and enable/disable event generation.

Since the event spec structs are generic to AD7091R devices, also move those from the ad7091r-5 driver the base driver so they can be reused when support for ad7091r-2/-4/-8 be added.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-52627"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-26T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7091r: Allow users to configure device events\n\nAD7091R-5 devices are supported by the ad7091r-5 driver together with\nthe ad7091r-base driver. Those drivers declared iio events for notifying\nuser space when ADC readings fall bellow the thresholds of low limit\nregisters or above the values set in high limit registers.\nHowever, to configure iio events and their thresholds, a set of callback\nfunctions must be implemented and those were not present until now.\nThe consequence of trying to configure ad7091r-5 events without the\nproper callback functions was a null pointer dereference in the kernel\nbecause the pointers to the callback functions were not set.\n\nImplement event configuration callbacks allowing users to read/write\nevent thresholds and enable/disable event generation.\n\nSince the event spec structs are generic to AD7091R devices, also move\nthose from the ad7091r-5 driver the base driver so they can be reused\nwhen support for ad7091r-2/-4/-8 be added.",
  "id": "GHSA-4v2g-fxcq-4j44",
  "modified": "2024-11-04T18:31:17Z",
  "published": "2024-03-26T18:32:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52627"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/137568aa540a9f587c48ff7d4c51cdba08cfe9a4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1eba6f7ffa295a0eec098c107043074be7cc4ec5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/49f322ce1f265935f15e5512da69a399f27a5091"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55aca2ce91a63740278502066beaddbd841af9c6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89c4e63324e208a23098f7fb15c00487cecbfed2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-52627

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2023-52627

Vulnerability from cvelistv5

wid-sec-w-2024-0722

Vulnerability from csaf_certbund

gsd-2023-52627

Vulnerability from gsd

ghsa-4v2g-fxcq-4j44

Vulnerability from github

Tags

Sightings

Nomenclature