Out-of-bounds Write Affecting kernel-devel package, versions <0:4.18.0-553.16.1.el8_10


Severity

Recommended
0.0
high
0
10

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.01% (1st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE8-KERNELDEVEL-7675178
  • published10 Aug 2024
  • disclosed21 May 2024

Introduced: 21 May 2024

CVE-2023-52864  (opens in a new tab)
CWE-787  (opens in a new tab)

How to fix?

Upgrade Oracle:8 kernel-devel to version 0:4.18.0-553.16.1.el8_10 or higher.
This issue was patched in ELSA-2024-5101.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-devel package and not the kernel-devel package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: wmi: Fix opening of char device

Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that private_data will not be NULL when wmi_char_open() is called. This might cause memory corruption should wmi_char_open() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmi_free_devices().

Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using container_of(). This also avoids wmi_char_open() picking a wrong WMI device bound to a driver with the same name as the original driver.

CVSS Base Scores

version 3.1