fkie_cve-2023-52754
Vulnerability from fkie_nvd
Published
2024-05-21 16:15
Modified
2024-11-21 08:40
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the second interface, the driver assumes blindly that the first interface got bound with the same imon driver. It's usually true, but it's still possible that the first interface is bound with another driver via a malformed descriptor. Then it may lead to a memory corruption, as spotted by syzkaller; imon driver accesses the data from drvdata as struct imon_context object although it's a completely different one that was assigned by another driver. This patch adds a sanity check -- whether the first interface is really bound with the imon driver or not -- for avoiding the problem above at the probe time.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e
Impacted products
Vendor Product Version


To clipboard 

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imon: fix access to invalid resource for the second interface\n\nimon driver probes two USB interfaces, and at the probe of the second\ninterface, the driver assumes blindly that the first interface got\nbound with the same imon driver.  It's usually true, but it's still\npossible that the first interface is bound with another driver via a\nmalformed descriptor.  Then it may lead to a memory corruption, as\nspotted by syzkaller; imon driver accesses the data from drvdata as\nstruct imon_context object although it's a completely different one\nthat was assigned by another driver.\n\nThis patch adds a sanity check -- whether the first interface is\nreally bound with the imon driver or not -- for avoiding the problem\nabove at the probe time.",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: imon: corrige el acceso a un recurso no válido para la segunda interfaz. El controlador imon prueba dos interfaces USB y, en la prueba de la segunda interfaz, el controlador asume ciegamente que la primera interfaz obtuvo atado con el mismo conductor imon. Generalmente es cierto, pero aún es posible que la primera interfaz esté vinculada con otro controlador a través de un descriptor con formato incorrecto. Entonces puede provocar una corrupción de la memoria, como descubrió syzkaller; El controlador imon accede a los datos de drvdata como objeto struct imon_context aunque es uno completamente diferente asignado por otro controlador. Este parche agrega una verificación de cordura (si la primera interfaz está realmente vinculada con el controlador imon o no) para evitar el problema anterior en el momento de la prueba.",
      },
   ],
   id: "CVE-2023-52754",
   lastModified: "2024-11-21T08:40:31.083",
   metrics: {},
   published: "2024-05-21T16:15:14.970",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Awaiting Analysis",
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.