CVE-2023-52861

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as the EDID information to the sound framework if there is no connector attached.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86
https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc
https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331
https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd

Configurations

No configuration.

History

03 Jul 2024, 01:44

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: bridge: it66121: Corrige la desreferencia del conector no válido. Corrige la desreferencia del puntero NULL cuando no hay ningún monitor conectado y la tarjeta de sonido se abre desde el espacio de usuario. En su lugar, devuelva un búfer vacío (de ceros) como información EDID al sistema de sonido si no hay ningún conector conectado.
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.2

21 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-21 16:15

Updated : 2024-07-03 01:44

NVD link : CVE-2023-52861

Mitre link : CVE-2023-52861

CVE.ORG link : CVE-2023-52861

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2023-52861", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2024-05-21T16:15:23.073", "references": [{"url": "https://git.kernel.org/stable/c/1374561a7cbc9a000b77bb0473bb2c19daf18d86", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1669d7b21a664aa531856ce85b01359a376baebc", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2c80c4f0d2845645f41cbb7c9304c8efbdbd4331", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d0375f6858c4ff7244b62b02eb5e93428e1916cd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: it66121: Fix invalid connector dereference\n\nFix the NULL pointer dereference when no monitor is connected, and the\nsound card is opened from userspace.\n\nInstead return an empty buffer (of zeroes) as the EDID information to\nthe sound framework if there is no connector attached."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: bridge: it66121: Corrige la desreferencia del conector no v\u00e1lido. Corrige la desreferencia del puntero NULL cuando no hay ning\u00fan monitor conectado y la tarjeta de sonido se abre desde el espacio de usuario. En su lugar, devuelva un b\u00fafer vac\u00edo (de ceros) como informaci\u00f3n EDID al sistema de sonido si no hay ning\u00fan conector conectado."}], "lastModified": "2024-07-03T01:44:07.527", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}