CVE-2023-52864 Affecting kernel-abi-stablelists package, versions <0:5.14.0-427.31.1.el9_4


Severity

Recommended
high

Based on AlmaLinux security rating

    Threat Intelligence

    EPSS
    0.04% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-ALMALINUX9-KERNELABISTABLELISTS-8326597
  • published 4 Nov 2024
  • disclosed 14 Aug 2024

How to fix?

Upgrade AlmaLinux:9 kernel-abi-stablelists to version 0:5.14.0-427.31.1.el9_4 or higher.
This issue was patched in ALSA-2024:5363.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-abi-stablelists package and not the kernel-abi-stablelists package as distributed by AlmaLinux. See How to fix? for AlmaLinux:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: wmi: Fix opening of char device

Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that private_data will not be NULL when wmi_char_open() is called. This might cause memory corruption should wmi_char_open() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmi_free_devices().

Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using container_of(). This also avoids wmi_char_open() picking a wrong WMI device bound to a driver with the same name as the original driver.

CVSS Scores

version 3.1
Expand this section

Red Hat

4.4 medium
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    High
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    High
Expand this section

SUSE

5.5 medium