cve-2023-52764
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2024-09-11 17:33
Severity
Summary
media: gspca: cpia1: shift-out-of-bounds in set_flicker
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:37:06.356182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:31.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/gspca/cpia1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69bba62600bd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "2eee8edfff90",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "8f83c85ee882",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c6b6b8692218",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "09cd8b561aa9",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "a647f27a7426",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "93bddd6529f1",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e2d7149b913d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "099be1822d1f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/gspca/cpia1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type \u0027int\u0027\n\nWhen the value of the variable \"sd-\u003eparams.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T05:16:55.538Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"
},
{
"url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"
},
{
"url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"
},
{
"url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"
},
{
"url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"
},
{
"url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"
},
{
"url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"
},
{
"url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"
},
{
"url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"
}
],
"title": "media: gspca: cpia1: shift-out-of-bounds in set_flicker",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52764",
"datePublished": "2024-05-21T15:30:49.032Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2024-09-11T17:33:31.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-52764\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T16:15:15.700\",\"lastModified\":\"2024-05-21T16:53:56.550\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\\n\\nSyzkaller reported the following issue:\\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\\nshift exponent 245 is too large for 32-bit type \u0027int\u0027\\n\\nWhen the value of the variable \\\"sd-\u003eparams.exposure.gain\\\" exceeds the\\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\\nis triggered because the variable \\\"currentexp\\\" cannot be left-shifted by\\nmore than the number of bits in an integer. In order to avoid invalid\\nrange during left-shift, the conditional expression is added.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: media: gspca: cpia1: desplazamiento fuera de los l\u00edmites en set_flicker. Syzkaller inform\u00f3 el siguiente problema: UBSAN: desplazamiento fuera de los l\u00edmites en drivers/media/usb/gspca /cpia1.c:1031:27 el exponente de desplazamiento 245 es demasiado grande para el tipo \u0027int\u0027 de 32 bits. Cuando el valor de la variable \\\"sd-\u0026gt;params.exposure.gain\\\" excede el n\u00famero de bits en un n\u00famero entero, se realiza un desplazamiento. Se informa un error fuera de los l\u00edmites. Se activa porque la variable \\\"currentexp\\\" no puede desplazarse hacia la izquierda m\u00e1s que el n\u00famero de bits de un n\u00famero entero. Para evitar un rango no v\u00e1lido durante el desplazamiento a la izquierda, se agrega la expresi\u00f3n condicional.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}