{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52861", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.261Z", "datePublished": "2024-05-21T15:31:53.904Z", "dateUpdated": "2024-11-04T14:54:04.183Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:54:04.183Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: it66121: Fix invalid connector dereference\n\nFix the NULL pointer dereference when no monitor is connected, and the\nsound card is opened from userspace.\n\nInstead return an empty buffer (of zeroes) as the EDID information to\nthe sound framework if there is no connector attached."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/bridge/ite-it66121.c"], "versions": [{"version": "e0fd83dbe924", "lessThan": "2c80c4f0d284", "status": "affected", "versionType": "git"}, {"version": "e0fd83dbe924", "lessThan": "1669d7b21a66", "status": "affected", "versionType": "git"}, {"version": "e0fd83dbe924", "lessThan": "1374561a7cbc", "status": "affected", "versionType": "git"}, {"version": "e0fd83dbe924", "lessThan": "d0375f6858c4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/bridge/ite-it66121.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.63", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.12", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.2", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331"}, {"url": "https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc"}, {"url": "https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86"}, {"url": "https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd"}], "title": "drm: bridge: it66121: Fix invalid connector dereference", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52861", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:51:01.322814Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "e0fd83dbe924"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.19"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.1.63"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.5.12"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.6.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.7"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:22:59.483Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.979Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.979Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52861", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:51:01.322814Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "e0fd83dbe924"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.19"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.1.63"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.5.12"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.6.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "6.7"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-21T18:50:34.586Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "drm: bridge: it66121: Fix invalid connector dereference", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e0fd83dbe924", "lessThan": "2c80c4f0d284", "versionType": "git"}, {"status": "affected", "version": "e0fd83dbe924", "lessThan": "1669d7b21a66", "versionType": "git"}, {"status": "affected", "version": "e0fd83dbe924", "lessThan": "1374561a7cbc", "versionType": "git"}, {"status": "affected", "version": "e0fd83dbe924", "lessThan": "d0375f6858c4", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/bridge/ite-it66121.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.19"}, {"status": "unaffected", "version": "0", "lessThan": "5.19", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.63", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.12", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.2", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/bridge/ite-it66121.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331"}, {"url": "https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc"}, {"url": "https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86"}, {"url": "https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: it66121: Fix invalid connector dereference\n\nFix the NULL pointer dereference when no monitor is connected, and the\nsound card is opened from userspace.\n\nInstead return an empty buffer (of zeroes) as the EDID information to\nthe sound framework if there is no connector attached."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:54:04.183Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52861", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:54:04.183Z", "dateReserved": "2024-05-21T15:19:24.261Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:31:53.904Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: it66121: Fix invalid connector dereference\n\nFix the NULL pointer dereference when no monitor is connected, and the\nsound card is opened from userspace.\n\nInstead return an empty buffer (of zeroes) as the EDID information to\nthe sound framework if there is no connector attached."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: bridge: it66121: Corrige la desreferencia del conector no v\u00e1lido. Corrige la desreferencia del puntero NULL cuando no hay ning\u00fan monitor conectado y la tarjeta de sonido se abre desde el espacio de usuario. En su lugar, devuelva un b\u00fafer vac\u00edo (de ceros) como informaci\u00f3n EDID al sistema de sonido si no hay ning\u00fan conector conectado."}], "id": "CVE-2023-52861", "lastModified": "2024-07-03T01:44:07.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-21T16:15:23.073", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: drm: bridge: it66121: Fix invalid connector dereference", "id": "2282685", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282685"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm: bridge: it66121: Fix invalid connector dereference\nFix the NULL pointer dereference when no monitor is connected, and the\nsound card is opened from userspace.\nInstead return an empty buffer (of zeroes) as the EDID information to\nthe sound framework if there is no connector attached."], "name": "CVE-2023-52861", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52861\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52861\nhttps://lore.kernel.org/linux-cve-announce/2024052117-CVE-2023-52861-acb2@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.63, kernel 6.5.12, kernel 6.6.2, kernel 6.7"}