CVE-2023-52494

bus: mhi: host: Add alignment check for event ring read pointer

Description

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "is_valid_ring_ptr" to make sure it is in the buffer range, but there is another risk the pointer may be not aligned. Since we are expecting event ring elements are 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer could lead to multiple issues like DoS or ring buffer memory corruption. So add a alignment check for event ring read pointer.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/94991728c84f8df54fd9eec9b85855ef9057ea08 patch mailing list
https://git.kernel.org/stable/c/2df39ac8f813860f79782807c3f7acff40b3c551 patch mailing list
https://git.kernel.org/stable/c/a9ebfc405fe1be145f414eafadcbf09506082010 patch mailing list
https://git.kernel.org/stable/c/ecf8320111822a1ae5d5fc512953eab46d543d0b patch mailing list
https://git.kernel.org/stable/c/eff9704f5332a13b08fbdbe0f84059c9e7051d5f patch mailing list

Frequently Asked Questions

What is the severity of CVE-2023-52494?
CVE-2023-52494 has been scored as a high severity vulnerability.
How to fix CVE-2023-52494?
To fix CVE-2023-52494, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52494 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52494 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52494?
CVE-2023-52494 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.