PM / devfreq: Fix buffer overflow in trans_stat_show

CVE	CVE-2023-52614
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2024-03-18 11:15:08 UTC
Updated	2026-05-12 12:16:16 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error.

Primary CVSS: v3.1 7.8 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types: CWE-120

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected e552bbaf5b987f57c43e6981a452b8a3c700b1ae 087de000e4f8c878c81d9dd3725f00a1d292980c git	Not specified
CNA	Linux	Linux	affected e552bbaf5b987f57c43e6981a452b8a3c700b1ae 796d3fad8c35ee9df9027899fb90ceaeb41b958f git	Not specified
CNA	Linux	Linux	affected e552bbaf5b987f57c43e6981a452b8a3c700b1ae 8a7729cda2dd276d7a3994638038fb89035b6f2c git	Not specified
CNA	Linux	Linux	affected e552bbaf5b987f57c43e6981a452b8a3c700b1ae a979f56aa4b93579cf0e4265ae04d7e9300fd3e8 git	Not specified
CNA	Linux	Linux	affected e552bbaf5b987f57c43e6981a452b8a3c700b1ae eaef4650fa2050147ca25fd7ee43bc0082e03c87 git	Not specified
CNA	Linux	Linux	affected e552bbaf5b987f57c43e6981a452b8a3c700b1ae 08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4 git	Not specified
CNA	Linux	Linux	affected 3.8	Not specified
CNA	Linux	Linux	unaffected 3.8 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.216 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.149 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.76 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.15 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.7.3 6.7.* semver	Not specified
CNA	Linux	Linux	unaffected 6.8 * original_commit_for_fix	Not specified
ADP	Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem	affected * custom	Not specified

Reference	Source	Link	Tags
lists.debian.org/debian-lts-announce/2024/06/msg00017.html	af854a3a-2127-422b-91ae-364da2661108	lists.debian.org	Patch
git.kernel.org/stable/c/087de000e4f8c878c81d9dd3725f00a1d292980c	af854a3a-2127-422b-91ae-364da2661108	git.kernel.org	Patch
cert-portal.siemens.com/productcert/html/ssa-265688.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	cert-portal.siemens.com
git.kernel.org/stable/c/08e23d05fa6dc4fc13da0ccf09defdd4bbc92ff4	af854a3a-2127-422b-91ae-364da2661108	git.kernel.org	Patch
git.kernel.org/stable/c/a979f56aa4b93579cf0e4265ae04d7e9300fd3e8	af854a3a-2127-422b-91ae-364da2661108	git.kernel.org	Patch
git.kernel.org/stable/c/796d3fad8c35ee9df9027899fb90ceaeb41b958f	af854a3a-2127-422b-91ae-364da2661108	git.kernel.org	Patch
git.kernel.org/stable/c/8a7729cda2dd276d7a3994638038fb89035b6f2c	af854a3a-2127-422b-91ae-364da2661108	git.kernel.org	Patch
git.kernel.org/stable/c/eaef4650fa2050147ca25fd7ee43bc0082e03c87	af854a3a-2127-422b-91ae-364da2661108	git.kernel.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.