Home > Vulnerability Database > CVE-2023-2194

Mend.io Vulnerability Database

CVE-2023-2194

Date: April 20, 2023

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.

Severity Score

6.7

Related Resources (7)

Url: https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Url: https://github.com/torvalds/linux/commit/92fbb6d1296f

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2188396

Url: https://access.redhat.com/security/cve/CVE-2023-2194

Url: https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2194

Url: https://www.mend.io/vulnerability-database/CVE-2023-2194

Severity Score

6.7

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-2194

Date: April 20, 2023

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?