Acknowledged
Created: Apr 20, 2023
Updated: Apr 21, 2023
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Kernel
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.
CREATE(Triage):(User=admin) [CVE-2023-2194 (https://nvd.nist.gov/vuln/detail/CVE-2023-2194)