PT-2023-9696 · Linux+3 · Linux Kernel+3

Published

2023-10-05

Updated

2025-02-03

CVE-2023-52794

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a mismatch in the get function for max idle in the intel powerclamp component of the Linux kernel, specifically with the param get int function. This mismatch can lead to a global-out-of-bounds error, as reported by KASAN. The error occurs when reading a size of 4 at a specific address by a task, and it belongs to the variable max idle. Replacing param get int with param get byte resolves this issue.

Recommendations To resolve this issue, replace the param get int function with param get byte in the intel powerclamp component of the Linux kernel. This change should fix the mismatch in the get function for max idle and prevent the global-out-of-bounds error.

Exploit

Fix

Out of bounds Read

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-20

Related Identifiers

BDU:2024-10196

CVE-2023-52794

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2023-9696 · Linux+3 · Linux Kernel+3

CVE-2023-52794

Weakness Enumeration

Related Identifiers

Affected Products

References · 1927