CVE-2023-52495: soc: qcom: pmic_glink_altmode: fix port sanity check

Description

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pmic_glink_altmode: fix port sanity check

The PMIC GLINK altmode driver currently supports at most two ports.

Fix the incomplete port sanity check on notifications to avoid
accessing and corrupting memory beyond the port array if we ever get a
notification for an unsupported port.

Classification

CVE ID: CVE-2023-52495

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.kernel.org/stable/c/532a5557da6892a6b2d5793052e1bce1f4c9e177
https://git.kernel.org/stable/c/d26edf4ee3672cc9828f2a3ffae34086a712574d
https://git.kernel.org/stable/c/c4fb7d2eac9ff9bfc35a2e4d40c7169a332416e0

Timeline

2024-12-20 00:30:40 UTC
CVE

soc: qcom: pmic_glink_altmode: fix port sanity check