cve/published/2023/CVE-2023-52766.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-52766: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler

 Do not loop over ring headers in hci_dma_irq_handler() that are not
 allocated and enabled in hci_dma_init(). Otherwise out of bounds access
 will occur from rings->headers[i] access when i >= number of allocated
 ring headers.

 The Linux kernel CVE team has assigned CVE-2023-52766 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 5.15.140 with commit d23ad76f240c0f597b7a9eb79905d246f27d40df
 	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.1.64 with commit 8be39f66915b40d26ea2c18ba84b5c3d5da6809b
 	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.5.13 with commit 7c2b91b30d74d7c407118ad72502d4ca28af1af6
 	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.6.3 with commit 4c86cb2321bd9c72d3b945ce7f747961beda8e65
 	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.7 with commit 45a832f989e520095429589d5b01b0c65da9b574

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-52766
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/i3c/master/mipi-i3c-hci/dma.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df
 	https://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b
 	https://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6
 	https://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65
 	https://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-52766: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler

	Do not loop over ring headers in hci_dma_irq_handler() that are not
	allocated and enabled in hci_dma_init(). Otherwise out of bounds access
	will occur from rings->headers[i] access when i >= number of allocated
	ring headers.

	The Linux kernel CVE team has assigned CVE-2023-52766 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 5.15.140 with commit d23ad76f240c0f597b7a9eb79905d246f27d40df
	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.1.64 with commit 8be39f66915b40d26ea2c18ba84b5c3d5da6809b
	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.5.13 with commit 7c2b91b30d74d7c407118ad72502d4ca28af1af6
	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.6.3 with commit 4c86cb2321bd9c72d3b945ce7f747961beda8e65
	Issue introduced in 5.0 with commit 3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 and fixed in 6.7 with commit 45a832f989e520095429589d5b01b0c65da9b574

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52766
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/i3c/master/mipi-i3c-hci/dma.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/d23ad76f240c0f597b7a9eb79905d246f27d40df
	https://git.kernel.org/stable/c/8be39f66915b40d26ea2c18ba84b5c3d5da6809b
	https://git.kernel.org/stable/c/7c2b91b30d74d7c407118ad72502d4ca28af1af6
	https://git.kernel.org/stable/c/4c86cb2321bd9c72d3b945ce7f747961beda8e65
	https://git.kernel.org/stable/c/45a832f989e520095429589d5b01b0c65da9b574