{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-2194", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-02-13T16:40:28.918Z", "dateReserved": "2023-04-20T00:00:00.000Z", "datePublished": "2023-04-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-03T13:06:24.404Z"}, "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace \"data->block[0]\" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution."}], "affected": [{"vendor": "n/a", "product": "Linux kernel: i2c: xgene-slimpro", "versions": [{"version": "Fixed in kernel v6.3-rc4", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188396"}, {"url": "https://github.com/torvalds/linux/commit/92fbb6d1296f"}, {"name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"}, {"name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-787", "cweId": "CWE-787"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:12:20.649Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188396", "tags": ["x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/92fbb6d1296f", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"}, {"name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3769AA63-B0A8-4EF1-96F9-6A6A6B305A02", "versionEndExcluding": "6.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "3583026A-27EC-4A4C-850A-83F2AF970673", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace \"data->block[0]\" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution."}], "id": "CVE-2023-2194", "lastModified": "2024-11-21T07:58:07.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-20T21:15:09.047", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188396"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/92fbb6d1296f"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/92fbb6d1296f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4541", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-477.21.1.rt7.284.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-08-08T00:00:00Z"}, {"advisory": "RHSA-2023:4517", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-477.21.1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:0412", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "kernel-0:4.18.0-372.87.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2023:3723", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.18.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-21T00:00:00Z"}, {"advisory": "RHSA-2023:3708", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-284.18.1.rt14.303.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-21T00:00:00Z"}, {"advisory": "RHSA-2023:3723", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.18.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-21T00:00:00Z"}, {"advisory": "RHSA-2024:0412", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "kernel-0:4.18.0-372.87.1.el8_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2024-01-25T00:00:00Z"}], "bugzilla": {"description": "kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()", "id": "2188396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188396"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace \"data->block[0]\" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.", "An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace \"data->block[0]\" variable was not limited to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This issue could allow a local privileged user to crash the system or potentially achieve code execution."], "mitigation": {"lang": "en:us", "value": "This flaw can be mitigated by preventing the i2c-xgene-slimpro module from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from being loaded automatically."}, "name": "CVE-2023-2194", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-03-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2194\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2194"], "statement": "Red Hat Enterprise Linux 6 and 7 are not affected by this vulnerability as the shipped kernels did not include support for SLIMpro I2C device driver (upstream commit f6505fb). This flaw was rated Moderate as i2c devices are root-only accessible in RHEL.", "threat_severity": "Moderate"}