| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123026-CVE-2023-54282-dab4@gregkh> Date: Tue, 30 Dec 2025 13:23:35 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54282: media: tuners: qt1010: replace BUG_ON with a regular error From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350 qt1010_init() error: buffer overflow 'i2c_data' 34 <= 34 The Linux kernel CVE team has assigned CVE-2023-54282 to this issue. Affected and fixed versions =========================== Fixed in 4.14.326 with commit 6cae780862d221106626b2b5fb21a197f398c6ec Fixed in 4.19.295 with commit f844bc3a47d8d1c55a4a9cfca38c538e9df7e678 Fixed in 5.4.257 with commit 641e60223971e95472a2a9646b1e7f94d441de45 Fixed in 5.10.197 with commit 2ae53dd15eef90d34fc084b5b2305a67bb675a26 Fixed in 5.15.133 with commit 48bb6a9fa5cb150ac2a22b3c779c96bc0ed21071 Fixed in 6.1.55 with commit 257092cb544c7843376b3e161f789e666ef06c98 Fixed in 6.5.5 with commit 1a6bf53fffe0b7ebe2a0f402b44f14f90cffd164 Fixed in 6.6 with commit ee630b29ea44d1851bb6c903f400956604834463 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54282 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/tuners/qt1010.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6cae780862d221106626b2b5fb21a197f398c6ec https://git.kernel.org/stable/c/f844bc3a47d8d1c55a4a9cfca38c538e9df7e678 https://git.kernel.org/stable/c/641e60223971e95472a2a9646b1e7f94d441de45 https://git.kernel.org/stable/c/2ae53dd15eef90d34fc084b5b2305a67bb675a26 https://git.kernel.org/stable/c/48bb6a9fa5cb150ac2a22b3c779c96bc0ed21071 https://git.kernel.org/stable/c/257092cb544c7843376b3e161f789e666ef06c98 https://git.kernel.org/stable/c/1a6bf53fffe0b7ebe2a0f402b44f14f90cffd164 https://git.kernel.org/stable/c/ee630b29ea44d1851bb6c903f400956604834463
Powered by blists - more mailing lists