PT-2023-2684 · Linux+9 · Linux Kernel+9

Wei Chen

·

Published

2023-03-16

·

Updated

2024-11-21

·

CVE-2023-2194

CVSS v2.0

6.8

Medium

VectorAV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An out-of-bounds write issue was found in the Linux kernel's SLIMpro I2C device driver. The data->block[0] variable from userspace was not limited to a value between 0-255 and was used as the size of a memcpy(), possibly writing beyond the end of dma buffer. This could allow a local privileged user to crash the system or potentially achieve code execution.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2023:3708
ALSA-2023:3723
ALSA-2023:4517
ALSA-2023:4541
ALT-PU-2023-1878
ALT-PU-2023-1881
ALT-PU-2023-1944
ALT-PU-2023-4663
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-26317
BDU:2023-02524
CESA-2023_4517
CESA-2023_4541
CVE-2023-2194
DLA-3403-1
DLA-3404-1
OESA-2023-1274
OESA-2023-1275
OESA-2023-1276
OESA-2023-1277
RHSA-2023:3708
RHSA-2023:3723
RHSA-2023:4517
RHSA-2023:4541
RHSA-2023_3708
RHSA-2023_3723
RHSA-2023_4517
RHSA-2023_4541
RHSA-2024:0412
RLSA-2023:4517
RLSA-2023:4541
SUSE-SU-2023:2501-1
SUSE-SU-2023:2502-1
SUSE-SU-2023:2507-1
SUSE-SU-2023:2534-1
SUSE-SU-2023:2537-1
SUSE-SU-2023:2538-1
SUSE-SU-2023:2611-1
SUSE-SU-2023:2651-1
SUSE-SU-2023:2805-1
USN-6175-1
USN-6186-1
USN-6284-1
USN-6300-1
USN-6301-1
USN-6311-1
USN-6312-1
USN-6314-1
USN-6331-1
USN-6332-1
USN-6337-1
USN-6347-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu