CVE-2023-52987

EPSS 0.04%
Veröffentlicht 27.03.2025 16:43:24
Zuletzt bearbeitet 29.10.2025 17:08:57
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write()

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write()

The "id" comes from the user.  Change the type to unsigned to prevent
an array underflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 7 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.1 < 6.1.11

Linux ≫ Linux Kernel Version6.2 Updaterc1

Linux ≫ Linux Kernel Version6.2 Updaterc2

Linux ≫ Linux Kernel Version6.2 Updaterc3

Linux ≫ Linux Kernel Version6.2 Updaterc4

Linux ≫ Linux Kernel Version6.2 Updaterc5

Linux ≫ Linux Kernel Version6.2 Updaterc6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/d52f34784e4e2f6e77671a9f104d8a69a3b5d24c

Patch

https://git.kernel.org/stable/c/ea57680af47587397f5005d7758022441ed66d54

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-52987

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52987

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52987

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-52987