CVE-2023-52864

Advisory lineage Upstream: 0 Downstream: 22

Downstream

DEBIAN-CVE-2023-52864 RHSA-2024:5101 RHSA-2024:5102 RHSA-2024:5363 RHSA-2024:5364 RHSA-2024:5365

Analyzed

Published: 21 May 2024, 15:31

Last modified:11 May 2026, 19:34

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 May 2024, 15:31

Published

Vulnerability first disclosed

11 May 2026, 19:34

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that private_data will not be NULL when wmi_char_open() is called. This might cause memory corruption should wmi_char_open() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmi_free_devices(). Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using container_of(). This also avoids wmi_char_open() picking a wrong WMI device bound to a driver with the same name as the original driver.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < cf098e937dd125c0317a0d6f261ac2a950a233d6 | ≥ 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < 9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203 | ≥ 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < d426a2955e45a95b2282764105fcfb110a540453 | ≥ 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < e0bf076b734a2fab92d8fddc2b8b03462eee7097 | ≥ 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < 44a96796d25809502c75771d40ee693c2e44724e | ≥ 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < 36d85fa7ae0d6be651c1a745191fa7ef055db43e | ≥ 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < fb7b06b59c6887659c6ed0ecd3110835eecbb6a3 | ≥ 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < eba9ac7abab91c8f6d351460239108bef5e7a0b6 | 4.15
linux•linux_kernel
≥ 4.15, < 4.19.299 | ≥ 4.20, < 5.4.261 | ≥ 5.5, < 5.10.201 | ≥ 5.11, < 5.15.139 | ≥ 5.16, < 6.1.63 | ≥ 6.2, < 6.5.12 | ≥ 6.6, < 6.6.2