CVE-2023-52614

PM / devfreq: Fix buffer overflow in trans_stat_show

Description

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/087de000e4f8c878c81d9dd3725f00a1d292980c patch
https://git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f patch
https://git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c patch
https://git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8 patch
https://git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87 patch
https://git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html patch

Frequently Asked Questions

What is the severity of CVE-2023-52614?
CVE-2023-52614 has been scored as a high severity vulnerability.
How to fix CVE-2023-52614?
To fix CVE-2023-52614, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52614 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52614 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52614?
CVE-2023-52614 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.