Bug 1221271 (CVE-2023-52495) - VUL-0: CVE-2023-52495: kernel: soc: qcom: pmic_glink_altmode: fix port sanity check
Status: RESOLVED FIXED
Alias: CVE-2023-52495
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/397136/
Reported: 2024-03-12 08:50 UTC by SMASH SMASH
Modified: 2024-06-25 18:20 UTC

Found By: Security Response Team
Description SMASH SMASH 2024-03-12 08:50:44 UTC
In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pmic_glink_altmode: fix port sanity check

The PMIC GLINK altmode driver currently supports at most two ports.

Fix the incomplete port sanity check on notifications to avoid
accessing and corrupting memory beyond the port array if we ever get a
notification for an unsupported port.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52495
https://www.cve.org/CVERecord?id=CVE-2023-52495
https://git.kernel.org/stable/c/532a5557da6892a6b2d5793052e1bce1f4c9e177
https://git.kernel.org/stable/c/c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0
https://git.kernel.org/stable/c/d26edf4ee3672cc9828f2a3ffae34086a712574d
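
The difference between an incomplete and a complete port check, as an added user-space example (not the driver's code and not taken from the referenced commits). It assumes the incomplete check inspected the port slot without bounding the index first; `struct model`, `notify_incomplete`, `notify_checked` and `demo` are hypothetical names, and the two extra arena slots stand in for memory after the two-entry port array so the demonstration stays within defined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PORTS   2  /* per the description: at most two ports */
#define ARENA_SLOTS 4  /* slots 2..3 stand in for memory after the array */

struct slot { uint32_t registered; uint32_t mode; };
struct model { struct slot arena[ARENA_SLOTS]; };  /* constructed layout */

static void model_init(struct model *m)
{
    memset(m, 0, sizeof(*m));
    m->arena[0].registered = 1;           /* only port 0 is registered */
    m->arena[2].registered = 0xdeadbeef;  /* unrelated neighbour data */
    m->arena[2].mode = 0x1111;
}

/* Assumed "before": inspects the slot but never bounds the index. */
static int notify_incomplete(struct model *m, uint32_t port, uint32_t mode)
{
    if (!m->arena[port].registered)
        return -1;
    m->arena[port].mode = mode;
    return 0;
}

/* Complete check: bound the index before the slot is read or written. */
static int notify_checked(struct model *m, uint32_t port, uint32_t mode)
{
    if (port >= MAX_PORTS || !m->arena[port].registered)
        return -1;
    m->arena[port].mode = mode;
    return 0;
}

/* Bit 1: notification accepted. Bit 0: neighbour data still intact. */
int demo(int use_checked, uint32_t port)
{
    struct model m;
    model_init(&m);
    int rc = (use_checked ? notify_checked : notify_incomplete)(&m, port, 0x42);
    int intact = m.arena[2].registered == 0xdeadbeef && m.arena[2].mode == 0x1111;
    return (rc == 0 ? 2 : 0) | intact;
}

int main(void)
{
    printf("incomplete: %d, checked: %d\n", demo(0, 2), demo(1, 2));
    return 0;
}
```

With port 2 the incomplete check reads the neighbouring data, finds it non-zero and lets the write through; the bounded check rejects the notification before any slot is touched.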
Comment 12 Ivan Ivanov 2024-04-12 14:20:27 UTC
c4fb7d2eac9f ("soc: qcom: pmic_glink_altmode: fix port sanity check") merged v6.8-rc1~129^2~11^2~19
Fixes: 080b4e24852b ("soc: qcom: pmic_glink: Introduce altmode support") merged v6.3-rc1~61^2~2^2~15^2
Security fix for CVE-2023-52495 bsc#1221271 with CVSS unknown
............................
EVERYTHING IS OK!

Back to security team.
Comment 19 Andrea Mattiazzo 2024-06-07 12:21:52 UTC
All done, closing.