In the Linux kernel, the following vulnerability has been resolved:
bus: mhi: host: Add alignment check for event ring read pointer
Though we do check the event ring read pointer by "isvalidringptr" to make sure it is in the buffer range, but there is another risk the pointer may be not aligned. Since we are expecting event ring elements are 128 bits(struct mhiring_element) aligned, an unaligned read pointer could lead to multiple issues like DoS or ring buffer memory corruption.
So add a alignment check for event ring read pointer.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52494.json"
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52494.json"
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 141.0,
"function_hash": "180203514814026461757076685963187697612"
},
"signature_type": "Function",
"id": "CVE-2023-52494-1554a101",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ecf8320111822a1ae5d5fc512953eab46d543d0b",
"target": {
"function": "is_valid_ring_ptr",
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 141.0,
"function_hash": "180203514814026461757076685963187697612"
},
"signature_type": "Function",
"id": "CVE-2023-52494-183c868c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@94991728c84f8df54fd9eec9b85855ef9057ea08",
"target": {
"function": "is_valid_ring_ptr",
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"300157446738356487273002732633305925690",
"150328324652873192331900703529912152954",
"250615479007626783755536353739389082214",
"321424256445086222304912688362416091277"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2023-52494-5f6c20eb",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2df39ac8f813860f79782807c3f7acff40b3c551",
"target": {
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"300157446738356487273002732633305925690",
"150328324652873192331900703529912152954",
"250615479007626783755536353739389082214",
"321424256445086222304912688362416091277"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2023-52494-61a37db1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@94991728c84f8df54fd9eec9b85855ef9057ea08",
"target": {
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 141.0,
"function_hash": "180203514814026461757076685963187697612"
},
"signature_type": "Function",
"id": "CVE-2023-52494-8cc3a756",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eff9704f5332a13b08fbdbe0f84059c9e7051d5f",
"target": {
"function": "is_valid_ring_ptr",
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 141.0,
"function_hash": "180203514814026461757076685963187697612"
},
"signature_type": "Function",
"id": "CVE-2023-52494-965ffc0e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2df39ac8f813860f79782807c3f7acff40b3c551",
"target": {
"function": "is_valid_ring_ptr",
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"300157446738356487273002732633305925690",
"150328324652873192331900703529912152954",
"250615479007626783755536353739389082214",
"321424256445086222304912688362416091277"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2023-52494-9fe3f47a",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ecf8320111822a1ae5d5fc512953eab46d543d0b",
"target": {
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 141.0,
"function_hash": "180203514814026461757076685963187697612"
},
"signature_type": "Function",
"id": "CVE-2023-52494-c6a46596",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a9ebfc405fe1be145f414eafadcbf09506082010",
"target": {
"function": "is_valid_ring_ptr",
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"300157446738356487273002732633305925690",
"150328324652873192331900703529912152954",
"250615479007626783755536353739389082214",
"321424256445086222304912688362416091277"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2023-52494-d46da6fb",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eff9704f5332a13b08fbdbe0f84059c9e7051d5f",
"target": {
"file": "drivers/bus/mhi/host/main.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"300157446738356487273002732633305925690",
"150328324652873192331900703529912152954",
"250615479007626783755536353739389082214",
"321424256445086222304912688362416091277"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2023-52494-eeeb8d8e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a9ebfc405fe1be145f414eafadcbf09506082010",
"target": {
"file": "drivers/bus/mhi/host/main.c"
}
}
]