CVE-2023-53465: Out-of-bounds Read in Linux

Severity
7.1 HIGH (NVD)
EPSS
0.0%
top 96.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 1

Description

In the Linux kernel, the following vulnerability has been resolved:

soundwire: qcom: fix storing port config out-of-bounds

The 'qcom_swrm_ctrl->pconfig' has size of QCOM_SDW_MAX_PORTS (14), however we index it starting from 1, not 0, to match real port numbers. This can lead to writing port config past 'pconfig' bounds and overwriting next member of 'qcom_swrm_ctrl' struct.

Reported also by smatch:

drivers/soundwire/qcom.c:1269 qcom_swrm_get_port_config() error: buffer overflow 'ctrl->pconfig

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (4 packages)

NVD | linux/linux_kernel | 5.13 | 5.15.121 | +2
Debian | linux/linux_kernel | < 6.1.52-1 | +2
CVEListV5 | linux/linux | 9916c02ccd74e672b62dd1a9017ac2f237ebf512 | 20f7c4d51c94abb1a1a7c21900db4fb5afe5c8ff | +4
debian | debian/linux | < linux 6.1.52-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-qhgr-vhx2-3qm4: In the Linux kernel, the following vulnerability has been resolved: soundwire: qcom: fix storing port config out-of-bounds The 'qcom_swrm_ctrl->pcon (2025-10-01)
OSV
CVE-2023-53465: In the Linux kernel, the following vulnerability has been resolved: soundwire: qcom: fix storing port config out-of-bounds The 'qcom_swrm_ctrl->pconfi (2025-10-01)

📋 Vendor Advisories (2)

Red Hat
kernel: soundwire: qcom: fix storing port config out-of-bounds (2025-10-01)
Debian
CVE-2023-53465: linux - In the Linux kernel, the following vulnerability has been resolved: soundwire: ... (2023)