{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52754", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.235Z", "datePublished": "2024-05-21T15:30:42.198Z", "dateUpdated": "2024-11-04T14:52:04.628Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:52:04.628Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imon: fix access to invalid resource for the second interface\n\nimon driver probes two USB interfaces, and at the probe of the second\ninterface, the driver assumes blindly that the first interface got\nbound with the same imon driver. It's usually true, but it's still\npossible that the first interface is bound with another driver via a\nmalformed descriptor. Then it may lead to a memory corruption, as\nspotted by syzkaller; imon driver accesses the data from drvdata as\nstruct imon_context object although it's a completely different one\nthat was assigned by another driver.\n\nThis patch adds a sanity check -- whether the first interface is\nreally bound with the imon driver or not -- for avoiding the problem\nabove at the probe time."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/rc/imon.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "0f5068519f89", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "5e0b788fb96b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "b083aaf5db2e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "10ec5a97f8f5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "2a493a34bd6e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a1766a4fd83b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/rc/imon.c"], "versions": [{"version": "5.10.202", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.140", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.64", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.13", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.3", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f"}, {"url": "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a"}, {"url": "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e"}, {"url": "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9"}, {"url": "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f"}, {"url": "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7"}], "title": "media: imon: fix access to invalid resource for the second interface", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52754", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:42:53.248204Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:22:36.610Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.519Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.519Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52754", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:42:53.248204Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.462Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "media: imon: fix access to invalid resource for the second interface", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "0f5068519f89", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "5e0b788fb96b", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "b083aaf5db2e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "10ec5a97f8f5", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "2a493a34bd6e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a1766a4fd83b", "versionType": "git"}], "programFiles": ["drivers/media/rc/imon.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.202", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.140", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.64", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.13", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.3", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/media/rc/imon.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f"}, {"url": "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a"}, {"url": "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e"}, {"url": "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9"}, {"url": "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f"}, {"url": "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imon: fix access to invalid resource for the second interface\n\nimon driver probes two USB interfaces, and at the probe of the second\ninterface, the driver assumes blindly that the first interface got\nbound with the same imon driver. It's usually true, but it's still\npossible that the first interface is bound with another driver via a\nmalformed descriptor. Then it may lead to a memory corruption, as\nspotted by syzkaller; imon driver accesses the data from drvdata as\nstruct imon_context object although it's a completely different one\nthat was assigned by another driver.\n\nThis patch adds a sanity check -- whether the first interface is\nreally bound with the imon driver or not -- for avoiding the problem\nabove at the probe time."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:52:04.628Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52754", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:52:04.628Z", "dateReserved": "2024-05-21T15:19:24.235Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:30:42.198Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imon: fix access to invalid resource for the second interface\n\nimon driver probes two USB interfaces, and at the probe of the second\ninterface, the driver assumes blindly that the first interface got\nbound with the same imon driver. It's usually true, but it's still\npossible that the first interface is bound with another driver via a\nmalformed descriptor. Then it may lead to a memory corruption, as\nspotted by syzkaller; imon driver accesses the data from drvdata as\nstruct imon_context object although it's a completely different one\nthat was assigned by another driver.\n\nThis patch adds a sanity check -- whether the first interface is\nreally bound with the imon driver or not -- for avoiding the problem\nabove at the probe time."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medios: imon: corrige el acceso a un recurso no v\u00e1lido para la segunda interfaz. El controlador imon prueba dos interfaces USB y, en la prueba de la segunda interfaz, el controlador asume ciegamente que la primera interfaz obtuvo atado con el mismo conductor imon. Generalmente es cierto, pero a\u00fan es posible que la primera interfaz est\u00e9 vinculada con otro controlador a trav\u00e9s de un descriptor con formato incorrecto. Entonces puede provocar una corrupci\u00f3n de la memoria, como descubri\u00f3 syzkaller; El controlador imon accede a los datos de drvdata como objeto struct imon_context aunque es uno completamente diferente asignado por otro controlador. Este parche agrega una verificaci\u00f3n de cordura (si la primera interfaz est\u00e1 realmente vinculada con el controlador imon o no) para evitar el problema anterior en el momento de la prueba."}], "id": "CVE-2023-52754", "lastModified": "2024-05-21T16:53:56.550", "metrics": {}, "published": "2024-05-21T16:15:14.970", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: media: imon: fix access to invalid resource for the second interface", "id": "2282661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282661"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: imon: fix access to invalid resource for the second interface\nimon driver probes two USB interfaces, and at the probe of the second\ninterface, the driver assumes blindly that the first interface got\nbound with the same imon driver. It's usually true, but it's still\npossible that the first interface is bound with another driver via a\nmalformed descriptor. Then it may lead to a memory corruption, as\nspotted by syzkaller; imon driver accesses the data from drvdata as\nstruct imon_context object although it's a completely different one\nthat was assigned by another driver.\nThis patch adds a sanity check -- whether the first interface is\nreally bound with the imon driver or not -- for avoiding the problem\nabove at the probe time."], "name": "CVE-2023-52754", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52754\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52754\nhttps://lore.kernel.org/linux-cve-announce/2024052145-CVE-2023-52754-9725@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.202, kernel 5.15.140, kernel 6.1.64, kernel 6.5.13, kernel 6.6.3, kernel 6.7"}