{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()\n\nCoverity complains that pointer in the pci_dev_for_each_resource() may be\nwrong, i.e., might be used for the out-of-bounds read.\n\nThere is no actual issue right now because we have another check afterwards\nand the out-of-bounds read is not being performed. In any case it's better\ncode with this fixed, hence the proposed change.\n\nAs Jonas pointed out \"It probably makes the code slightly less performant\nas res will now be checked for being not NULL (which will always be true),\nbut I doubt it will be significant (or in any hot paths).\"" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { "version": "09cc90063240", "lessThan": "5b3e25efe16e", "status": "affected", "versionType": "git" }, { "version": "09cc90063240", "lessThan": "bd26159dcaaa", "status": "affected", "versionType": "git" }, { "version": "09cc90063240", "lessThan": "3171e46d677a", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { "version": "6.4", "status": "affected" }, { "version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "custom" }, { "version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.8-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/5b3e25efe16e06779a9a7c7610217c1b921ec179" }, { "url": "https://git.kernel.org/stable/c/bd26159dcaaa3e9a927070efd348e7ce7e5ee933" }, { "url": "https://git.kernel.org/stable/c/3171e46d677a668eed3086da78671f1e4f5b8405" } ], "title": "PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource()", "x_generator": { "engine": "bippy-c298863b1525" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2023-52466", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }