Description
In the Linux kernel, the following vulnerability has been resolved:
pwm: Fix double shift bug
These enums are passed to set/test_bit(). The set/test_bit() functions take a bit number instead of a shifted value. Passing a shifted value is a double shift bug like doing BIT(BIT(1)). The double shift bug doesn't cause a problem here because we are only checking 0 and 1 but if the value was 5 or above then it can lead to a buffer overflow.
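The double shift described above, modeled in user space as an added example (not code from the kernel or from the fix commits). `checked_set_bit()` and `first_overflowing_flag()` are hypothetical helpers, and the flags field is a constructed single `unsigned long`. It shows that shifted values for flags 0 and 1 stay inside the word, and at which flag number the resulting bit number leaves it (5 with a 32-bit `long`, 6 with a 64-bit `long`).

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define BIT(n) (1UL << (n))

/* Word that set_bit(nr, addr) modifies: addr[nr / BITS_PER_LONG]. */
static size_t word_index(unsigned long nr)
{
    return nr / BITS_PER_LONG;
}

/*
 * Model of set_bit() with a bounds check that the kernel helper does not have.
 * Returns 0 on success, -1 if nr addresses a word past the end of the bitmap.
 */
static int checked_set_bit(unsigned long nr, unsigned long *map, size_t nwords)
{
    if (word_index(nr) >= nwords)
        return -1;
    map[word_index(nr)] |= BIT(nr % BITS_PER_LONG);
    return 0;
}

/* Smallest n for which passing BIT(n) as a bit number leaves a one-word field. */
static unsigned int first_overflowing_flag(void)
{
    unsigned int n = 0;

    while (word_index(BIT(n)) == 0)
        n++;
    return n;
}

int main(void)
{
    unsigned long flags = 0; /* constructed one-word flags field */

    for (unsigned int n = 0; n < 8; n++) {
        /* Buggy pattern: the enum value is BIT(n), so set_bit() shifts again. */
        int rc = checked_set_bit(BIT(n), &flags, 1);
        printf("flag %u: nr=%lu word=%zu %s\n", n, BIT(n),
               word_index(BIT(n)), rc ? "OUT OF BOUNDS" : "ok");
    }
    printf("first overflowing flag: %u\n", first_overflowing_flag());
    return 0;
}
```

With plain bit numbers (0, 1, 2, ...) as the enum values, every flag below `BITS_PER_LONG` maps to word 0 and the out-of-bounds case disappears.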
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-52756
- https://git.kernel.org/stable/c/1fb3a9c59e7f7d2b1d737a0d6e02e31d5b516455
- https://git.kernel.org/stable/c/45d0a298e05adee521f6fe605d6a88341ba07edd
- https://git.kernel.org/stable/c/a7ee519e8095d9c834086d0ff40da11415e1e4d7
- https://git.kernel.org/stable/c/a98ff250b5af87f92f17bb9725cb21de1931ee57
- https://git.kernel.org/stable/c/bce1f7c7e9812da57de1dda293cba87c693e9958
- https://git.kernel.org/stable/c/c19a8794bf4fe45cff997f07a75ea84cc9e5d89c
- https://git.kernel.org/stable/c/d27abbfd4888d79dd24baf50e774631046ac4732
- https://git.kernel.org/stable/c/e52518b9cb9fc98fc043c8fb2b8cfc619ca8a88b
- https://git.kernel.org/stable/c/eca19db60f99925461f49c3fd743733881395728
CVE ID
Related vulnerabilities
[REJECTED CVE] A double shift vulnerability was identified in the Linux kernel's pwm subsystem. The issue involves passing a shifted value instead of a bit number to set/test_bit() functions, resulting in a double shift (e.g., BIT(BIT(1))). While this doesn't cause problems for values 0 or 1, values of 5 or higher could lead to a buffer overflow, potentially allowing attackers to cause a denial of service.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.