{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52512", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.316Z", "datePublished": "2024-03-02T21:52:23.932Z", "dateUpdated": "2024-11-06T15:19:29.295Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:19.440Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nuvoton: wpcm450: fix out of bounds write\n\nWrite into 'pctrl->gpio_bank' happens before the check for GPIO index\nvalidity, so out of bounds write may happen.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pinctrl/nuvoton/pinctrl-wpcm450.c"], "versions": [{"version": "a1d1e0e3d80a", "lessThan": "6c18c386fd13", "status": "affected", "versionType": "git"}, {"version": "a1d1e0e3d80a", "lessThan": "c9d7cac0fd27", "status": "affected", "versionType": "git"}, {"version": "a1d1e0e3d80a", "lessThan": "87d315a34133", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pinctrl/nuvoton/pinctrl-wpcm450.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.59", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.8", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6c18c386fd13dbb3ff31a1086dabb526780d9bda"}, {"url": "https://git.kernel.org/stable/c/c9d7cac0fd27c74dd368e80dc4b5d0f9f2e13cf8"}, {"url": "https://git.kernel.org/stable/c/87d315a34133edcb29c4cadbf196ec6c30dfd47b"}], "title": "pinctrl: nuvoton: wpcm450: fix out of bounds write", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-05T20:29:04.879593Z", "id": "CVE-2023-52512", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T15:19:29.295Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.649Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6c18c386fd13dbb3ff31a1086dabb526780d9bda", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c9d7cac0fd27c74dd368e80dc4b5d0f9f2e13cf8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/87d315a34133edcb29c4cadbf196ec6c30dfd47b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6c18c386fd13dbb3ff31a1086dabb526780d9bda", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c9d7cac0fd27c74dd368e80dc4b5d0f9f2e13cf8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/87d315a34133edcb29c4cadbf196ec6c30dfd47b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.649Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52512", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T20:29:04.879593Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:15.902Z"}}], "cna": {"title": "pinctrl: nuvoton: wpcm450: fix out of bounds write", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a1d1e0e3d80a", "lessThan": "6c18c386fd13", "versionType": "git"}, {"status": "affected", "version": "a1d1e0e3d80a", "lessThan": "c9d7cac0fd27", "versionType": "git"}, {"status": "affected", "version": "a1d1e0e3d80a", "lessThan": "87d315a34133", "versionType": "git"}], "programFiles": ["drivers/pinctrl/nuvoton/pinctrl-wpcm450.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.18"}, {"status": "unaffected", "version": "0", "lessThan": "5.18", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.59", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.8", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/pinctrl/nuvoton/pinctrl-wpcm450.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6c18c386fd13dbb3ff31a1086dabb526780d9bda"}, {"url": "https://git.kernel.org/stable/c/c9d7cac0fd27c74dd368e80dc4b5d0f9f2e13cf8"}, {"url": "https://git.kernel.org/stable/c/87d315a34133edcb29c4cadbf196ec6c30dfd47b"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nuvoton: wpcm450: fix out of bounds write\n\nWrite into 'pctrl->gpio_bank' happens before the check for GPIO index\nvalidity, so out of bounds write may happen.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:19.440Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52512", "state": "PUBLISHED", "dateUpdated": "2024-11-06T15:19:29.295Z", "dateReserved": "2024-02-20T12:30:33.316Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:52:23.932Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nuvoton: wpcm450: fix out of bounds write\n\nWrite into 'pctrl->gpio_bank' happens before the check for GPIO index\nvalidity, so out of bounds write may happen.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: nuvoton: wpcm450: corregir escritura fuera de los l\u00edmites La escritura en 'pctrl->gpio_bank' ocurre antes de verificar la validez del \u00edndice GPIO, por lo que puede ocurrir una escritura fuera de los l\u00edmites. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2023-52512", "lastModified": "2024-11-06T16:35:07.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-02T22:15:47.683", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6c18c386fd13dbb3ff31a1086dabb526780d9bda"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/87d315a34133edcb29c4cadbf196ec6c30dfd47b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c9d7cac0fd27c74dd368e80dc4b5d0f9f2e13cf8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: pinctrl: nuvoton: wpcm450: fix out of bounds write", "id": "2267771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267771"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["In the Linux kernel, the following vulnerability has been resolved:\npinctrl: nuvoton: wpcm450: fix out of bounds write\nWrite into 'pctrl->gpio_bank' happens before the check for GPIO index\nvalidity, so out of bounds write may happen.\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "An out of bounds write was found in drivers/pinctrl/nuvoton/pinctrl-wpcm450.c in the Linux kernel. This may cause a crash."], "name": "CVE-2023-52512", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52512\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52512\nhttps://lore.kernel.org/linux-cve-announce/2024030251-CVE-2023-52512-92f7@gregkh/T/#u"], "statement": "Red Hat has protection mechanisms in place against buffer overflows such as FORTIFY_SOURCE, Position Independent Executables, or Stack Smashing Protection.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.59, kernel 6.5.8, kernel 6.6"}