CVE-2023-52495
CVE-2023-52495 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: "soc: qcom: pmic_glink_altmode: fix port sanity check". The PMIC GLINK altmode driver currently supports at most two ports. Fix the incomplete port sanity check on notifications to avoid accessing and corrupting memory beyond the port array if we ever get a notification for an unsupported port. EPSS estimates a 0.28% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pmic_glink_altmode: fix port sanity check

The PMIC GLINK altmode driver currently supports at most two ports. Fix the incomplete port sanity check on notifications to avoid accessing and corrupting memory beyond the port array if we ever get a notification for an unsupported port.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.3, < 6.6.15 |
| Linux | Linux Kernel | >= 6.7, < 6.7.3 |
References
- https://git.kernel.org/stable/c/532a5557da6892a6b2d5793052e1bce1f4c9e177 (Mailing List, Patch)
- https://git.kernel.org/stable/c/c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0 (Mailing List, Patch)
- https://git.kernel.org/stable/c/d26edf4ee3672cc9828f2a3ffae34086a712574d (Mailing List, Patch)
Timeline
- Status: Analyzed
Source: NVD / NIST
