Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-53059

Опубликовано: 02 мая 2025
Источник: redhat
CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger insize in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernel-rtFix deferred
Red Hat Enterprise Linux 9kernelFixedRHSA-2024:931512.11.2024
Red Hat Enterprise Linux 9kernelFixedRHSA-2024:931512.11.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2363701kernel: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-53059

CVSS3: 7.1
ubuntu
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74

nvd логотип

CVE-2023-53059

CVSS3: 7.1
nvd
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74

debian логотип

CVE-2023-53059

CVSS3: 7.1
debian
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: p ...

github логотип

GHSA-6jxj-r3pv-7wf7

CVSS3: 7.1
github
9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by using zeroed memory. [1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74

fstec логотип

BDU:2025-06020

CVSS3: 5.5
fstec
почти 3 года назад

Уязвимость модуля drivers/platform/chrome/cros_ec_chardev.c ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

5.5 Medium

CVSS3