PT-2023-9474 · Linux+3 · Linux Kernel+3
Kai-Heng Feng
·
Publicado
2023-10-05
·
Atualizado
2025-01-13
·
CVE-2023-52519
CVSS v3.1
7.1
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the HID intel-ish-hid ipc component in the Linux kernel. It involves the handling of the ACPI GPE bit, which is used for wake-up capabilities on EHL (Elkhart Lake) based platforms. When the system is in the S5 (Soft-Off) state, the OOB (Out of band) service allows the device to wake up. However, the BIOS clearing of the wakeup bit on resume does not decrement the internal OS GPE reference count, leading to a potential reference count overflow when the driver re-enables the bit. To resolve this, the driver needs to first disable and then re-enable the ACPI GPE bit using the acpi disable gpe() function.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Astra Linux
Linux Kernel
Red Os
Suse