CVE-2023-52864
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52864
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52864.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-52864
- Downstream
- Related
- Published
- 2024-05-21T15:31:55.875Z
- Modified
- 2025-11-28T02:34:31.808390Z
- Summary
- platform/x86: wmi: Fix opening of char device
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: wmi: Fix opening of char device
Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->privatedata, which means that privatedata will not be NULL when wmicharopen() is called. This might cause memory corruption should wmicharopen() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmifreedevices().
Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using containerof(). This also avoids wmichar_open() picking a wrong WMI device bound to a driver with the same name as the original driver.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52864.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e
- https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e
- https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203
- https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6
- https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453
- https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097
- https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6
- https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52864.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-52864
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced44b6b7661132b1b0e5fd3147ded66f1e4a817ca9Fixedcf098e937dd125c0317a0d6f261ac2a950a233d6Fixed9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203Fixedd426a2955e45a95b2282764105fcfb110a540453Fixede0bf076b734a2fab92d8fddc2b8b03462eee7097Fixed44a96796d25809502c75771d40ee693c2e44724eFixed36d85fa7ae0d6be651c1a745191fa7ef055db43eFixedfb7b06b59c6887659c6ed0ecd3110835eecbb6a3Fixedeba9ac7abab91c8f6d351460239108bef5e7a0b6
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.299
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.261
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.201
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.139
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.63
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.5.12
- Type
- ECOSYSTEM
- Events
-
Introduced6.6.0Fixed6.6.2