OpenCVE

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:3627	2024-06-05T00:00:00Z
kernel-0:4.18.0-553.5.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:3618	2024-06-05T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558
https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb
https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023
https://lore.kernel.org/linux-cve-announce/2024030254-CVE-2023-52565-07ce@gregkh/
https://nvd.nist.gov/vuln/detail/CVE-2023-52565
https://www.cve.org/CVERecord?id=CVE-2023-52565

History

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-02T21:59:37.505Z

Updated: 2024-11-04T14:48:50.470Z

Reserved: 2024-03-02T21:55:42.567Z

Link: CVE-2023-52565

Vulnrichment

Updated: 2024-08-02T23:03:20.865Z

NVD

Status : Awaiting Analysis

Published: 2024-03-02T22:15:48.980

Modified: 2024-11-21T08:40:04.447

Link: CVE-2023-52565

Redhat

Severity : Low

Publid Date: 2024-03-02T00:00:00Z

Links: CVE-2023-52565 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52565", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-02T21:55:42.567Z", "datePublished": "2024-03-02T21:59:37.505Z", "dateUpdated": "2024-11-04T14:48:50.470Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:50.470Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix OOB read\n\nIf the index provided by the user is bigger than the mask size, we might do\nan out of bound read."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/uvc/uvc_ctrl.c"], "versions": [{"version": "367703c3ec4f", "lessThan": "09635bf4cdd4", "status": "affected", "versionType": "git"}, {"version": "40140eda661e", "lessThan": "8bcf70d787f7", "status": "affected", "versionType": "git"}, {"version": "40140eda661e", "lessThan": "41ebaa5e0eeb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/usb/uvc/uvc_ctrl.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.56", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.6", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558"}, {"url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023"}, {"url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb"}], "title": "media: uvcvideo: Fix OOB read", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.865Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52565", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:56:29.446061Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:36.805Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.865Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52565", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:56:29.446061Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:17.626Z"}}], "cna": {"title": "media: uvcvideo: Fix OOB read", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "367703c3ec4f", "lessThan": "09635bf4cdd4", "versionType": "git"}, {"status": "affected", "version": "40140eda661e", "lessThan": "8bcf70d787f7", "versionType": "git"}, {"status": "affected", "version": "40140eda661e", "lessThan": "41ebaa5e0eeb", "versionType": "git"}], "programFiles": ["drivers/media/usb/uvc/uvc_ctrl.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.3"}, {"status": "unaffected", "version": "0", "lessThan": "6.3", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.56", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.6", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/media/usb/uvc/uvc_ctrl.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/09635bf4cdd4adf2160198a6041bcc7ca46c0558"}, {"url": "https://git.kernel.org/stable/c/8bcf70d787f7d53a3b85ad394f926cfef3eed023"}, {"url": "https://git.kernel.org/stable/c/41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix OOB read\n\nIf the index provided by the user is bigger than the mask size, we might do\nan out of bound read."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:50.470Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52565", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:48:50.470Z", "dateReserved": "2024-03-02T21:55:42.567Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:59:37.505Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"affected_release": [{"advisory": "RHSA-2024:3627", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3618", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.5.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu()", "id": "2267724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267724"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: uvcvideo: Fix OOB read\nIf the index provided by the user is bigger than the mask size, we might do\nan out of bound read."], "name": "CVE-2023-52565", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52565\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52565\nhttps://lore.kernel.org/linux-cve-announce/2024030254-CVE-2023-52565-07ce@gregkh/"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.56, kernel 6.5.6, kernel 6.6"}