Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2023 / CVE-2023-52864.json
blob: b4408a868b9d94da212a33a2d1e3370a762ae11f [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: wmi: Fix opening of char device\n\nSince commit fa1f68db6ca7 (\"drivers: misc: pass miscdevice pointer via\nfile private data\"), the miscdevice stores a pointer to itself inside\nfilp->private_data, which means that private_data will not be NULL when\nwmi_char_open() is called. This might cause memory corruption should\nwmi_char_open() be unable to find its driver, something which can\nhappen when the associated WMI device is deleted in wmi_free_devices().\n\nFix the problem by using the miscdevice pointer to retrieve the WMI\ndevice data associated with a char device using container_of(). This\nalso avoids wmi_char_open() picking a wrong WMI device bound to a\ndriver with the same name as the original driver."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/platform/x86/wmi.c"
],
"versions": [
{
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"lessThan": "cf098e937dd125c0317a0d6f261ac2a950a233d6",
"status": "affected",
"versionType": "git"
},
{
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"lessThan": "9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203",
"status": "affected",
"versionType": "git"
},
{
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"lessThan": "d426a2955e45a95b2282764105fcfb110a540453",
"status": "affected",
"versionType": "git"
},
{
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"lessThan": "e0bf076b734a2fab92d8fddc2b8b03462eee7097",
"status": "affected",
"versionType": "git"
},
{
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"lessThan": "44a96796d25809502c75771d40ee693c2e44724e",
"status": "affected",
"versionType": "git"
},
{
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"lessThan": "36d85fa7ae0d6be651c1a745191fa7ef055db43e",
"status": "affected",
"versionType": "git"
},
{
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"lessThan": "fb7b06b59c6887659c6ed0ecd3110835eecbb6a3",
"status": "affected",
"versionType": "git"
},
{
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"lessThan": "eba9ac7abab91c8f6d351460239108bef5e7a0b6",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/platform/x86/wmi.c"
],
"versions": [
{
"version": "4.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.15",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.299",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.261",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.201",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.139",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.63",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.5.12",
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.2",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.7",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.299"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "5.4.261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "5.10.201"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "5.15.139"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "6.1.63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "6.5.12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "6.6.2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "6.7"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
},
{
"url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
},
{
"url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
},
{
"url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
},
{
"url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
},
{
"url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
},
{
"url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
},
{
"url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
}
],
"title": "platform/x86: wmi: Fix opening of char device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2023-52864",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}