CVE-2023-2194Out-of-bounds Write in Kernel

CWE-787Out-of-bounds Write33 documents11 sources
Severity
6.7MEDIUMNVD
OSV6.5OSV5.5
EPSS
0.0%
top 95.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedApr 20
Latest updateDec 9

Description

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

Linuxlinux/linux_kernel3.15.05.10.218+3
NVDlinux/linux_kernel< 6.3+1
Debianlinux/linux_kernel< 5.10.178-1+3
Ubuntulinux/linux_kernel< 5.4.0-156.173+1

Also affects: Enterprise Linux 8.0, 9.0, Fedora 38

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

14
OSV
netlink: annotate lockless accesses to nlk->max_recvmsg_len2025-12-09
OSV
linux-azure-fde-5.15 vulnerabilities2023-09-06
OSV
linux-azure-5.4 vulnerabilities2023-09-04
OSV
linux-azure vulnerabilities2023-08-31
OSV
linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities2023-08-31

📋Vendor Advisories

15
CISA ICS
Siemens SCALANCE W7002025-02-13
CISA ICS
Siemens SCALANCE XCM-/XRM-3002024-02-15
Ubuntu
Linux kernel (Azure CVM) vulnerabilities2023-09-06
Ubuntu
Linux kernel (Azure) vulnerabilities2023-09-04
Ubuntu
Linux kernel (Azure) vulnerabilities2023-08-31

💬Community

1
Bugzilla
CVE-2023-2194 kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()2023-04-20
CVE-2023-2194 — Out-of-bounds Write in Linux Kernel | cvebase