CVE-2023-52864

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52864
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52864.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52864
Downstream
Related
Published
2024-05-21T16:15:23Z
Modified
2025-09-24T00:15:36Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: wmi: Fix opening of char device

Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->privatedata, which means that privatedata will not be NULL when wmicharopen() is called. This might cause memory corruption should wmicharopen() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmifreedevices().

Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using containerof(). This also avoids wmichar_open() picking a wrong WMI device bound to a driver with the same name as the original driver.

References

Affected packages