FKIE_CVE-2023-52764

Vulnerability from fkie_nvd - Published: 2024-05-21 16:15 - Updated: 2025-09-23 19:52
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the value of the variable "sd->params.exposure.gain" exceeds the number of bits in an integer, a shift-out-of-bounds error is reported. It is triggered because the variable "currentexp" cannot be left-shifted by more than the number of bits in an integer. In order to avoid invalid range during left-shift, the conditional expression is added.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bbPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bbPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9bPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9aPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F120ED7-3012-4856-9F08-B433BC310335",
              "versionEndExcluding": "4.14.331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DDB75-1CAC-40D0-A14D-67A2A55D6005",
              "versionEndExcluding": "4.19.300",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B0AAED-45BA-4928-9A85-66A429B9F038",
              "versionEndExcluding": "5.4.262",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D508B4-58C7-40C2-BE05-44E41110EB98",
              "versionEndExcluding": "5.10.202",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D6C23C-78A3-40D2-B76B-4F1D9C2D95C0",
              "versionEndExcluding": "5.15.140",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7C884A-CAA2-4EA2-9FEB-5CE776D7B05F",
              "versionEndExcluding": "6.1.64",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4",
              "versionEndExcluding": "6.5.13",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0",
              "versionEndExcluding": "6.6.3",
              "versionStartIncluding": "6.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type \u0027int\u0027\n\nWhen the value of the variable \"sd-\u003eparams.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: media: gspca: cpia1: desplazamiento fuera de los l\u00edmites en set_flicker. Syzkaller inform\u00f3 el siguiente problema: UBSAN: desplazamiento fuera de los l\u00edmites en drivers/media/usb/gspca /cpia1.c:1031:27 el exponente de desplazamiento 245 es demasiado grande para el tipo \u0027int\u0027 de 32 bits. Cuando el valor de la variable \"sd-\u0026gt;params.exposure.gain\" excede el n\u00famero de bits en un n\u00famero entero, se realiza un desplazamiento. Se informa un error fuera de los l\u00edmites. Se activa porque la variable \"currentexp\" no puede desplazarse hacia la izquierda m\u00e1s que el n\u00famero de bits de un n\u00famero entero. Para evitar un rango no v\u00e1lido durante el desplazamiento a la izquierda, se agrega la expresi\u00f3n condicional."
    }
  ],
  "id": "CVE-2023-52764",
  "lastModified": "2025-09-23T19:52:13.697",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T16:15:15.700",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.