Vulnerabilities > CVE-2023-52794 - Unspecified vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: powerclamp: fix mismatch in get function for max_idle KASAN reported this [ 444.853098] BUG: KASAN: global-out-of-bounds in param_get_int+0x77/0x90 [ 444.853111] Read of size 4 at addr ffffffffc16c9220 by task cat/2105 ... [ 444.853442] The buggy address belongs to the variable: [ 444.853443] max_idle+0x0/0xffffffffffffcde0 [intel_powerclamp] There is a mismatch between the param_get_int and the definition of max_idle. Replacing param_get_int with param_get_byte resolves this issue.
Vulnerable Configurations
References
- https://git.kernel.org/stable/c/0a8585281b11e3a0723bba8d8085d61f0b55f37c
- https://git.kernel.org/stable/c/0a8585281b11e3a0723bba8d8085d61f0b55f37c
- https://git.kernel.org/stable/c/6a3866dbdcf39ac93e98708e6abced511733dc18
- https://git.kernel.org/stable/c/6a3866dbdcf39ac93e98708e6abced511733dc18
- https://git.kernel.org/stable/c/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7
- https://git.kernel.org/stable/c/fae633cfb729da2771b5433f6b84ae7e8b4aa5f7