Wind River Support Network

HomeDefectsLIN1022-4066
Fixed

LIN1022-4066 : Security Advisory - linux - CVE-2023-2194

Created: Apr 20, 2023    Updated: May 4, 2023
Resolved Date: Apr 24, 2023
Found In Version: 10.22.33.1
Fix Version: 10.22.33.8
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.

CREATE(Triage):(User=admin) [CVE-2023-2194 (https://nvd.nist.gov/vuln/detail/CVE-2023-2194)

CVEs


Live chat
Online