Vulnerability Details : CVE-2023-52614
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Fix buffer overflow in trans_stat_show
Fix buffer overflow in trans_stat_show().
Convert simple snprintf to the more secure scnprintf with size of
PAGE_SIZE.
Add condition checking if we are exceeding PAGE_SIZE and exit early from
loop. Also add at the end a warning that we exceeded PAGE_SIZE and that
stats is disabled.
Return -EFBIG in the case where we don't have enough space to write the
full transition table.
Also document in the ABI that this function can return -EFBIG error.
Vulnerability category: Overflow
Products affected by CVE-2023-52614
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-52614
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 1 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-52614
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-12-12 |
|
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
N/A
|
N/A
|
RedHat-CVE-2023-52614 | 2024-03-18 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
N/A
|
N/A
|
RedHat-CVE-2023-52614 | 2024-03-18 |
CWE ids for CVE-2023-52614
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-52614
-
https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8
PM / devfreq: Fix buffer overflow in trans_stat_show - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f
PM / devfreq: Fix buffer overflow in trans_stat_show - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c
PM / devfreq: Fix buffer overflow in trans_stat_show - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4
PM / devfreq: Fix buffer overflow in trans_stat_show - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87
PM / devfreq: Fix buffer overflow in trans_stat_show - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
[SECURITY] [DLA 3842-1] linux-5.10 security updatePatch
-
https://git.kernel.org/stable/c/087de000e4f8c878c81d9dd3725f00a1d292980c
PM / devfreq: Fix buffer overflow in trans_stat_show - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to