2310378 – (CVE-2023-52916) CVE-2023-52916 kernel: media: aspeed: Fix memory overwrite if timing is 1600x900

Bug 2310378 (CVE-2023-52916) - CVE-2023-52916 kernel: media: aspeed: Fix memory overwrite if timing is 1600x900

Summary: CVE-2023-52916 kernel: media: aspeed: Fix memory overwrite if timing is 1600x900

Keywords:
Status:	NEW
Alias:	CVE-2023-52916
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-06 09:20 UTC by OSIDB Bzimport
Modified:	2024-09-06 10:50 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-06 09:20:39 UTC

In the Linux kernel, the following vulnerability has been resolved:

media: aspeed: Fix memory overwrite if timing is 1600x900

When capturing 1600x900, system could crash when system memory usage is
tight.

The way to reproduce this issue:
1. Use 1600x900 to display on host
2. Mount ISO through 'Virtual media' on OpenBMC's web
3. Run script as below on host to do sha continuously
  #!/bin/bash
  while [ [1] ];
  do
	find /media -type f -printf '"%h/%f"\n' | xargs sha256sum
  done
4. Open KVM on OpenBMC's web

The size of macro block captured is 8x8. Therefore, we should make sure
the height of src-buf is 8 aligned to fix this issue.

Comment 1 Michal Findra 2024-09-06 10:45:44 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024090655-CVE-2023-52916-edc0@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.