Wind River Support Network

Not to be fixed

LIN1021-7596 : Security Advisory - linux - CVE-2023-52494

Created: Mar 2, 2024    Updated: Apr 9, 2024
Resolved Date: Apr 9, 2024
Found In Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel


In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: host: Add alignment check for event ring read pointer

Though we do check the event ring read pointer by "is_valid_ring_ptr"
to make sure it is in the buffer range, but there is another risk the
pointer may be not aligned.  Since we are expecting event ring elements
are 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer
could lead to multiple issues like DoS or ring buffer memory corruption.

So add a alignment check for event ring read pointer.
Live chat