PT-2023-9696 · Linux+3 · Linux Kernel+3
Publicado
2023-10-05
·
Atualizado
2025-02-03
·
CVE-2023-52794
CVSS v3.1
7.1
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a mismatch in the get function for max idle in the intel powerclamp component of the Linux kernel, specifically with the
param get int function. This mismatch can lead to a global-out-of-bounds error, as reported by KASAN. The error occurs when reading a size of 4 at a specific address by a task, and it belongs to the variable max idle. Replacing param get int with param get byte resolves this issue.Recommendations
To resolve this issue, replace the
param get int function with param get byte in the intel powerclamp component of the Linux kernel. This change should fix the mismatch in the get function for max idle and prevent the global-out-of-bounds error.Exploit
Correção
Out of bounds Read
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Astra Linux
Linux Kernel
Red Os
Suse