CVE-2023-52857

EPSS 0.02%
Veröffentlicht 21.05.2024 16:15:22
Zuletzt bearbeitet 03.11.2025 20:16:05
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: Fix coverity issue with unintentional integer overflow

1. Instead of multiplying 2 variable of different types. Change to
assign a value of one variable and then multiply the other variable.

2. Add a int variable for multiplier calculation instead of calculating
different types multiplier with dma_addr_t variable directly.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.13.12 < 6.5.12

Linux ≫ Linux Kernel Version >= 6.6 < 6.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.026

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396

Patch

https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c

Patch

https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7

Patch

https://git.kernel.org/stable/c/a12bd675100531f9fb4508fd4430dd1632325a0e

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

https://nvd.nist.gov/vuln/detail/CVE-2023-52857

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52857

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52857

EUVD