CVE-2021-42327
Description
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
Risk Information
Base Score
6.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.249
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel for OEM systems (USN-5165-1) linux-image-oem-20.04d_5.14.0.1008.8_amd64.deb | Linux |
| Linux kernel for OEM systems (USN-5165-1) linux-image-5.14.0-1008-oem_5.14.0-1008.8_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-aws_5.13.0.1012.13_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-aws_5.13.0.1015.16~20.04.8_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-gcp_5.13.0.1013.12_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-gcp_5.13.0.1015.18~20.04.2_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-gke_5.13.0.1013.12_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-kvm_5.13.0.1011.11_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-oracle_5.13.0.1016.16_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-oracle_5.13.0.1019.23~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-generic_5.13.0.28.38_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-virtual_5.13.0.28.38_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-oem-20.04_5.13.0.28.38_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-lowlatency_5.13.0.28.38_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-oem-20.04c_5.13.0.1029.31_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.11.0-1029-gcp_5.11.0-1029.33~20.04.3_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1011-kvm_5.13.0-1011.12_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1012-aws_5.13.0-1012.13_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1013-gcp_5.13.0-1013.16_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1029-oem_5.13.0-1029.36_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-28-generic_5.13.0-28.31_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-28-generic_5.13.0-28.31~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-generic-hwe-20.04_5.13.0.28.31~20.04.15_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-virtual-hwe-20.04_5.13.0.28.31~20.04.15_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.11.0-1028-oracle_5.11.0-1028.31~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1016-oracle_5.13.0-1016.20_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-28-lowlatency_5.13.0-28.31_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-28-lowlatency_5.13.0-28.31~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-lowlatency-hwe-20.04_5.13.0.28.31~20.04.15_amd64.deb | Linux |
| Linux kernel for Intel IOTG (USN-5362-1) linux-image-intel_5.13.0.1010.11_amd64.deb | Linux |
| Linux kernel for Intel IOTG (USN-5362-1) linux-image-5.13.0-1010-intel_5.13.0-1010.10_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.11.0-1028-azure_5.11.0-1028.31~20.04.2_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234