CVE-2023-52766 i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler

2024-05-2115:30:50

Linux

github.com

linux kernel

vulnerability resolved

out of bounds access

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler

Do not loop over ring headers in hci_dma_irq_handler() that are not
allocated and enabled in hci_dma_init(). Otherwise out of bounds access
will occur from rings->headers[i] access when i >= number of allocated
ring headers.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "d23ad76f240c",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "8be39f66915b",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "7c2b91b30d74",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "4c86cb2321bd",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "1da177e4c3f4",
        "lessThan": "45a832f989e5",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "drivers/i3c/master/mipi-i3c-hci/dma.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.15.140",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "6.1.64",
        "versionType": "custom",
        "lessThanOrEqual": "6.1.*"
      },
      {
        "status": "unaffected",
        "version": "6.5.13",
        "versionType": "custom",
        "lessThanOrEqual": "6.5.*"
      },
      {
        "status": "unaffected",
        "version": "6.6.3",
        "versionType": "custom",
        "lessThanOrEqual": "6.6.*"
      },
      {
        "status": "unaffected",
        "version": "6.7",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "drivers/i3c/master/mipi-i3c-hci/dma.c"
    ],
    "defaultStatus": "affected"
  }
]