github - ghsa-pcxc-636v-74pc

ghsa-pcxc-636v-74pc

Vulnerability from github

Published

2024-03-03 00:30

Modified

2024-03-03 00:30

Details

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Fix OOB read

If the index provided by the user is bigger than the mask size, we might do an out of bound read.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-52565"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-02T22:15:48Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix OOB read\n\nIf the index provided by the user is bigger than the mask size, we might do\nan out of bound read.",
  "id": "GHSA-pcxc-636v-74pc",
  "modified": "2024-03-03T00:30:32Z",
  "published": "2024-03-03T00:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52565"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2023-52565

Vulnerability from cvelistv5

Published

2024-03-02 21:59

Modified

2024-11-04 14:48

Severity ?

Summary

media: uvcvideo: Fix OOB read

References

▼	URL	Tags
	https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558
	https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023
	https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:20.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52565",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:56:29.446061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:36.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/uvc/uvc_ctrl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "09635bf4cdd4",
              "status": "affected",
              "version": "367703c3ec4f",
              "versionType": "git"
            },
            {
              "lessThan": "8bcf70d787f7",
              "status": "affected",
              "version": "40140eda661e",
              "versionType": "git"
            },
            {
              "lessThan": "41ebaa5e0eeb",
              "status": "affected",
              "version": "40140eda661e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/uvc/uvc_ctrl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.56",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix OOB read\n\nIf the index provided by the user is bigger than the mask size, we might do\nan out of bound read."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T14:48:50.470Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558"
        },
        {
          "url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023"
        },
        {
          "url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb"
        }
      ],
      "title": "media: uvcvideo: Fix OOB read",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52565",
    "datePublished": "2024-03-02T21:59:37.505Z",
    "dateReserved": "2024-03-02T21:55:42.567Z",
    "dateUpdated": "2024-11-04T14:48:50.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.