CVE-2023-52916Out-of-bounds Write in Linux

CWE-787Out-of-bounds Write6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 93.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedSep 6
Latest updateSep 10

Description

In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this issue: 1. Use 1600x900 to display on host 2. Mount ISO through 'Virtual media' on OpenBMC's web 3. Run script as below on host to do sha continuously #!/bin/bash while [ [1] ]; do find /media -type f -printf '"%h/%f"\n' | xargs sha256sum done 4. Open KVM on OpenBMC'

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel5.06.1.120+1
Debianlinux/linux_kernel< 6.1.123-1+2
CVEListV5linux/linuxd2b4387f3bdf016e266d23cf657465f5577214884c823e4027dd1d6e88c31028dec13dd19bc7b02d+2
debiandebian/linux< linux 6.1.123-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.123-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2023-52916: In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900,2024-09-06
GHSA
GHSA-722x-w6hg-5675: In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x902024-09-06

📋Vendor Advisories

3
Microsoft
media: aspeed: Fix memory overwrite if timing is 1600x9002024-09-10
Red Hat
kernel: media: aspeed: Fix memory overwrite if timing is 1600x9002024-09-06
Debian
CVE-2023-52916: linux - In the Linux kernel, the following vulnerability has been resolved: media: aspe...2023