CVE-2023-52649
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52649
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52649.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-52649
- Downstream
- Published
- 2024-05-01T12:53:08Z
- Modified
- 2025-10-21T14:37:30.809143Z
- Summary
- drm/vkms: Avoid reading beyond LUT array
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/vkms: Avoid reading beyond LUT array
When the floor LUT index (drmfixp2int(lutindex) is the last index of the array the ceil LUT index will point to an entry beyond the array. Make sure we guard against it and use the value of the floor LUT index.
v3: - Drop bits from commit description that didn't contribute anything of value
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/046c1184ce60b0a37d48134f17ddbc1f32ce02bd
- https://git.kernel.org/stable/c/2fee84030d12d9fddfa874e4562d71761a129277
- https://git.kernel.org/stable/c/92800aaeff51b8358d1e0a7eb74daf8aa2d7ce9d
- https://git.kernel.org/stable/c/9556c167673057d48ce4a0da675026fe046654c1
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddb1f254f2cfaf0510ae34fa2311a8d749e95179aFixed9556c167673057d48ce4a0da675026fe046654c1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddb1f254f2cfaf0510ae34fa2311a8d749e95179aFixed046c1184ce60b0a37d48134f17ddbc1f32ce02bd
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddb1f254f2cfaf0510ae34fa2311a8d749e95179aFixed92800aaeff51b8358d1e0a7eb74daf8aa2d7ce9d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddb1f254f2cfaf0510ae34fa2311a8d749e95179aFixed2fee84030d12d9fddfa874e4562d71761a129277
Affected versions
v6.*
v6.5
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
Database specific
vanir_signatures
[
{
"id": "CVE-2023-52649-0aa4bf6f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92800aaeff51b8358d1e0a7eb74daf8aa2d7ce9d",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "apply_lut_to_channel_value",
"file": "drivers/gpu/drm/vkms/vkms_composer.c"
},
"digest": {
"length": 423.0,
"function_hash": "186789708783366709651353268913051834417"
},
"signature_type": "Function"
},
{
"id": "CVE-2023-52649-355ee69f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@046c1184ce60b0a37d48134f17ddbc1f32ce02bd",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/gpu/drm/vkms/vkms_composer.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"310924559530734434091955097604279349554",
"173396015222661992087672089313187313397",
"152773543942662857217393763054264942009",
"10691733024899554076076407446937398906",
"245572959647100131877873988680877191221",
"173604418574412335140375844189279072376",
"78299103303516548563558183833178566487",
"331217470158794900173094643903014176177",
"215448701164819377109720784033220369770"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-52649-4108ed52",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@046c1184ce60b0a37d48134f17ddbc1f32ce02bd",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "apply_lut_to_channel_value",
"file": "drivers/gpu/drm/vkms/vkms_composer.c"
},
"digest": {
"length": 423.0,
"function_hash": "186789708783366709651353268913051834417"
},
"signature_type": "Function"
},
{
"id": "CVE-2023-52649-5c98da0f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9556c167673057d48ce4a0da675026fe046654c1",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "apply_lut_to_channel_value",
"file": "drivers/gpu/drm/vkms/vkms_composer.c"
},
"digest": {
"length": 423.0,
"function_hash": "186789708783366709651353268913051834417"
},
"signature_type": "Function"
},
{
"id": "CVE-2023-52649-8c17ad58",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@92800aaeff51b8358d1e0a7eb74daf8aa2d7ce9d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/gpu/drm/vkms/vkms_composer.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"310924559530734434091955097604279349554",
"173396015222661992087672089313187313397",
"152773543942662857217393763054264942009",
"10691733024899554076076407446937398906",
"245572959647100131877873988680877191221",
"173604418574412335140375844189279072376",
"78299103303516548563558183833178566487",
"331217470158794900173094643903014176177",
"215448701164819377109720784033220369770"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-52649-a0355466",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9556c167673057d48ce4a0da675026fe046654c1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/gpu/drm/vkms/vkms_composer.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"310924559530734434091955097604279349554",
"173396015222661992087672089313187313397",
"152773543942662857217393763054264942009",
"10691733024899554076076407446937398906",
"245572959647100131877873988680877191221",
"173604418574412335140375844189279072376",
"78299103303516548563558183833178566487",
"331217470158794900173094643903014176177",
"215448701164819377109720784033220369770"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-52649-e08c290a",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2fee84030d12d9fddfa874e4562d71761a129277",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/gpu/drm/vkms/vkms_composer.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"310924559530734434091955097604279349554",
"173396015222661992087672089313187313397",
"152773543942662857217393763054264942009",
"10691733024899554076076407446937398906",
"245572959647100131877873988680877191221",
"173604418574412335140375844189279072376",
"78299103303516548563558183833178566487",
"331217470158794900173094643903014176177",
"215448701164819377109720784033220369770"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2023-52649-e6ce2282",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2fee84030d12d9fddfa874e4562d71761a129277",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "apply_lut_to_channel_value",
"file": "drivers/gpu/drm/vkms/vkms_composer.c"
},
"digest": {
"length": 423.0,
"function_hash": "186789708783366709651353268913051834417"
},
"signature_type": "Function"
}
]