Bug 1221271 (CVE-2023-52495)

Summary: VUL-0: CVE-2023-52495: kernel: soc: qcom: pmic_glink_altmode: fix port sanity check
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: ivan.ivanov, rfrohl
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/397136/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-03-12 08:50:44 UTC 
In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pmic_glink_altmode: fix port sanity check

The PMIC GLINK altmode driver currently supports at most two ports.

Fix the incomplete port sanity check on notifications to avoid
accessing and corrupting memory beyond the port array if we ever get a
notification for an unsupported port.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52495
https://www.cve.org/CVERecord?id=CVE-2023-52495
https://git.kernel.org/stable/c/532a5557da6892a6b2d5793052e1bce1f4c9e177
https://git.kernel.org/stable/c/c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0
https://git.kernel.org/stable/c/d26edf4ee3672cc9828f2a3ffae34086a712574d
Comment 12 Ivan Ivanov 2024-04-12 14:20:27 UTC 
c4fb7d2eac9f ("soc: qcom: pmic_glink_altmode: fix port sanity check") merged v6.8-rc1~129^2~11^2~19
Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") merged v6.3-rc1~61^2~2^2~15^2
Security fix for CVE-2023-52495 bsc#1221271 with CVSS unknown
............................
EVERYTHING IS OK!

Back to secuirty team.
Comment 19 Andrea Mattiazzo 2024-06-07 12:21:52 UTC 
All done, closing.