Bug 1221021 (CVE-2023-52512)

Summary: VUL-0: CVE-2023-52512: kernel: pinctrl: nuvoton: wpcm450: fix out of bounds write
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: ivan.ivanov, rfrohl
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/396061/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52512:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-03-06 07:54:17 UTC 
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: nuvoton: wpcm450: fix out of bounds write

Write into 'pctrl->gpio_bank' happens before the check for GPIO index
validity, so out of bounds write may happen.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52512
https://www.cve.org/CVERecord?id=CVE-2023-52512
https://git.kernel.org/stable/c/6c18c386fd13dbb3ff31a1086dabb526780d9bda
https://git.kernel.org/stable/c/87d315a34133edcb29c4cadbf196ec6c30dfd47b
https://git.kernel.org/stable/c/c9d7cac0fd27c74dd368e80dc4b5d0f9f2e13cf8
https://bugzilla.redhat.com/show_bug.cgi?id=2267771
Comment 10 Ivan Ivanov 2024-04-12 14:53:49 UTC 
EVERYTHING IS OK! Back to security team.
Comment 16 Andrea Mattiazzo 2024-05-29 12:16:51 UTC 
All done, closing.