Bug 1221021 (CVE-2023-52512) - VUL-0: CVE-2023-52512: kernel: pinctrl: nuvoton: wpcm450: fix out of bounds write
Summary: VUL-0: CVE-2023-52512: kernel: pinctrl: nuvoton: wpcm450: fix out of bounds w...
Status: RESOLVED FIXED
Alias: CVE-2023-52512
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/396061/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52512:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-06 07:54 UTC by SMASH SMASH
Modified: 2024-06-25 18:17 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-03-06 07:54:17 UTC 
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: nuvoton: wpcm450: fix out of bounds write

Write into 'pctrl->gpio_bank' happens before the check for GPIO index
validity, so out of bounds write may happen.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52512
https://www.cve.org/CVERecord?id=CVE-2023-52512
https://git.kernel.org/stable/c/6c18c386fd13dbb3ff31a1086dabb526780d9bda
https://git.kernel.org/stable/c/87d315a34133edcb29c4cadbf196ec6c30dfd47b
https://git.kernel.org/stable/c/c9d7cac0fd27c74dd368e80dc4b5d0f9f2e13cf8
https://bugzilla.redhat.com/show_bug.cgi?id=2267771
Comment 10 Ivan Ivanov 2024-04-12 14:53:49 UTC 
EVERYTHING IS OK! Back to security team.
Comment 16 Andrea Mattiazzo 2024-05-29 12:16:51 UTC 
All done, closing.