| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052146-CVE-2023-52756-f694@gregkh> Date: Tue, 21 May 2024 17:30:52 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2023-52756: pwm: Fix double shift bug Description =========== In the Linux kernel, the following vulnerability has been resolved: pwm: Fix double shift bug These enums are passed to set/test_bit(). The set/test_bit() functions take a bit number instead of a shifted value. Passing a shifted value is a double shift bug like doing BIT(BIT(1)). The double shift bug doesn't cause a problem here because we are only checking 0 and 1 but if the value was 5 or above then it can lead to a buffer overflow. The Linux kernel CVE team has assigned CVE-2023-52756 to this issue. Affected and fixed versions =========================== Fixed in 4.14.331 with commit bce1f7c7e981 Fixed in 4.19.300 with commit a98ff250b5af Fixed in 5.4.262 with commit eca19db60f99 Fixed in 5.10.202 with commit e52518b9cb9f Fixed in 5.15.140 with commit a7ee519e8095 Fixed in 6.1.64 with commit 1fb3a9c59e7f Fixed in 6.5.13 with commit c19a8794bf4f Fixed in 6.6.3 with commit 45d0a298e05a Fixed in 6.7 with commit d27abbfd4888 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52756 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: include/linux/pwm.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/bce1f7c7e9812da57de1dda293cba87c693e9958 https://git.kernel.org/stable/c/a98ff250b5af87f92f17bb9725cb21de1931ee57 https://git.kernel.org/stable/c/eca19db60f99925461f49c3fd743733881395728 https://git.kernel.org/stable/c/e52518b9cb9fc98fc043c8fb2b8cfc619ca8a88b https://git.kernel.org/stable/c/a7ee519e8095d9c834086d0ff40da11415e1e4d7 https://git.kernel.org/stable/c/1fb3a9c59e7f7d2b1d737a0d6e02e31d5b516455 https://git.kernel.org/stable/c/c19a8794bf4fe45cff997f07a75ea84cc9e5d89c https://git.kernel.org/stable/c/45d0a298e05adee521f6fe605d6a88341ba07edd https://git.kernel.org/stable/c/d27abbfd4888d79dd24baf50e774631046ac4732
Powered by blists - more mailing lists