CVE-2023-52649 : In the Linux kernel, the following vulnerability has been resolved: drm/vkms: A

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Avoid reading beyond LUT array When the floor LUT index (drm_fixp2int(lut_index) is the last index of the array the ceil LUT index will point to an entry beyond the array. Make sure we guard against it and use the value of the floor LUT index. v3: - Drop bits from commit description that didn't contribute anything of value

Published 2024-05-01 13:15:48

Updated 2024-12-23 19:14:58

Source Linux

View at NVD, CVE.org

Products affected by CVE-2023-52649

Linux » Linux Kernel
Versions from including (>=) 6.8 and before (<) 6.8.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.6 and before (<) 6.6.23
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.7.11
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-52649

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-52649

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-12-23
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	N/A	N/A	RedHat-CVE-2023-52649	2024-05-02
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-52649

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-52649

https://git.kernel.org/stable/c/2fee84030d12d9fddfa874e4562d71761a129277

drm/vkms: Avoid reading beyond LUT array - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/92800aaeff51b8358d1e0a7eb74daf8aa2d7ce9d

drm/vkms: Avoid reading beyond LUT array - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/9556c167673057d48ce4a0da675026fe046654c1

drm/vkms: Avoid reading beyond LUT array - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/046c1184ce60b0a37d48134f17ddbc1f32ce02bd

drm/vkms: Avoid reading beyond LUT array - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2023-52649

Products affected by CVE-2023-52649

Exploit prediction scoring system (EPSS) score for CVE-2023-52649

CVSS scores for CVE-2023-52649

CWE ids for CVE-2023-52649

References for CVE-2023-52649