Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-52794

Опубликовано: 21 мая 2024
Источник: nvd
CVSS3: 7.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

thermal: intel: powerclamp: fix mismatch in get function for max_idle

KASAN reported this

[ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105 ... [ 444.853442] The buggy address belongs to the variable: [ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp]

There is a mismatch between the param_get_int and the definition of max_idle. Replacing param_get_int with param_get_byte resolves this issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.3 (включая) до 6.5.13 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.6 (включая) до 6.6.3 (исключая)

EPSS

Процентиль: 12%
0.00041
Низкий

7.1 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2023-52794

CVSS3: 7.1
ubuntu
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105 ... [ 444.853442] The buggy address belongs to the variable: [ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp] There is a mismatch between the param_get_int and the definition of max_idle. Replacing param_get_int with param_get_byte resolves this issue.

redhat логотип

CVE-2023-52794

CVSS3: 4.4
redhat
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105 ... [ 444.853442] The buggy address belongs to the variable: [ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp] There is a mismatch between the param_get_int and the definition of max_idle. Replacing param_get_int with param_get_byte resolves this issue.

debian логотип

CVE-2023-52794

CVSS3: 7.1
debian
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: t ...

github логотип

GHSA-frc8-7f65-3g5r

CVSS3: 7.1
github
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105 ... [ 444.853442] The buggy address belongs to the variable: [ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp] There is a mismatch between the param_get_int and the definition of max_idle. Replacing param_get_int with param_get_byte resolves this issue.

fstec логотип

BDU:2024-10196

CVSS3: 5.5
fstec
больше 1 года назад

Уязвимость функции module_param_cb() компонента powerclamp ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 12%
0.00041
Низкий

7.1 High

CVSS3

Дефекты

CWE-125