
CVE-2023-53059

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl

It is possible to peep kernel page's data by providing larger `insize`
in struct cros_ec_command[1] when invoking EC host commands.

Fix it by using zeroed memory.

[1]: https://elixir.bootlin.com/linux/v6.2/source/include/linux/platform_data/cros_ec_proto.h#L74
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version < 13493ad6a220cb3f6f3552a16b4f2753a118b633; Version eda2e30c6684d67288edb841c6125d48c608a242; Status affected
Version < f86ff88a1548ccf5a13960c0e7625ca787ea0993; Version eda2e30c6684d67288edb841c6125d48c608a242; Status affected
Version < ebea2e16504f40d2c2bac42ad5c5a3de5ce034b4; Version eda2e30c6684d67288edb841c6125d48c608a242; Status affected
Version < eab28bfafcd1245a3510df9aa9eb940589956ea6; Version eda2e30c6684d67288edb841c6125d48c608a242; Status affected
Version < a0d8644784f73fa39f57f72f374eefaba2bf48a0; Version eda2e30c6684d67288edb841c6125d48c608a242; Status affected
Version < b20cf3f89c56b5f6a38b7f76a8128bf9f291bbd3; Version eda2e30c6684d67288edb841c6125d48c608a242; Status affected
Vendor: Linux
Product: Linux
Default status: affected
Version 5.4; Status affected
Version < 5.4; Version 0; Status unaffected
Version <= 5.4.*; Version 5.4.240; Status unaffected
Version <= 5.10.*; Version 5.10.177; Status unaffected
Version <= 5.15.*; Version 5.15.105; Status unaffected
Version <= 6.1.*; Version 6.1.22; Status unaffected
Version <= 6.2.*; Version 6.2.9; Status unaffected
Version <= *; Version 6.3; Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.131
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
No information on CWE has been published yet.