CVE-2023-52754

2024-05-2100:00:00

ubuntu.com

linux kernel

media

imon driver

vulnerability

memory corruption

AI Score

6.6

Confidence

Low

EPSS

Percentile

10.3%

JSON

In the Linux kernel, the following vulnerability has been resolved: media:
imon: fix access to invalid resource for the second interface imon driver
probes two USB interfaces, and at the probe of the second interface, the
driver assumes blindly that the first interface got bound with the same
imon driver. It’s usually true, but it’s still possible that the first
interface is bound with another driver via a malformed descriptor. Then it
may lead to a memory corruption, as spotted by syzkaller; imon driver
accesses the data from drvdata as struct imon_context object although it’s
a completely different one that was assigned by another driver. This patch
adds a sanity check – whether the first interface is really bound with the
imon driver or not – for avoiding the problem above at the probe time.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure< anyUNKNOWN
ubuntu20.04noarchlinux-azure-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-azure-6.5< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< any	UNKNOWN