QwikSec

Security Database

CVE

CWE

Training

CVE-2023-2194

Published: Apr 20, 2023

Modified: Apr 23, 2025

PUBLISHED

Description

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.

Vendor	Product	Versions
n/a	Linux kernel: i2c: xgene-slimpro	affected `Fixed in kernel v6.3-rc4`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2188396

https://github.com/torvalds/linux/commit/92fbb6d1296f

[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update

mailing-list

[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.